Security & Testing Claude 技能

Security Audit for Claude Code

Audits code for critical security vulnerabilities like SQL injection and broken authentication with actionable, production-ready fixes.

Test-Driven Development (TDD)

Enforces a disciplined RED-GREEN-REFACTOR cycle to ensure high-quality, test-backed code implementation.

Spec-to-Code Compliance

Verifies that blockchain protocol implementations strictly adhere to their technical specifications and whitepapers during security audits.

Constant Time Analysis

Identifies timing side-channel vulnerabilities and non-constant-time operations in cryptographic implementations across multiple programming languages.

Burp Suite Security Testing

Conducts professional-grade web application security audits and penetration testing using the Burp Suite ecosystem.

Cynara Policy Validator

Validates Cynara privilege access control policies to ensure secure and compliant Tizen application environments.

LibFuzzer Security Testing

Automates the discovery of software vulnerabilities using coverage-guided fuzzing patterns and security best practices.

Sharp Edges Security Auditor

Identifies error-prone API designs and dangerous configuration patterns to prevent security vulnerabilities and misuse.

Cosmos Vulnerability Scanner

Scans Cosmos SDK blockchains and CosmWasm contracts to detect consensus-critical vulnerabilities and security flaws.

Requirement Clarification

Ensures implementation accuracy by prompting for clarification whenever task requirements are ambiguous or underspecified.

Smack Policy Auditor

Audits SMACK policy files for label conflicts, correctness, and mandatory access control compliance in Tizen environments.

Tizen SMACK Label Orchestrator

Coordinates mandatory access control labels and process isolation for Tizen applications and kernel security.

AI Multi-Model Orchestration Loop

Orchestrates an advanced feedback loop between Claude, Codex, and Gemini to provide multi-perspective validation and high-integrity code generation.

Codex-Claude Engineering Loop

Orchestrates a multi-stage dual-AI workflow to plan, implement, and validate complex features with high-confidence code reviews.

CodeQL Static Analysis

Performs deep semantic code analysis to detect security vulnerabilities, track data flow, and conduct comprehensive security audits.

Codex CLI

Analyzes, reviews, and validates codebases using advanced OpenAI Codex models with configurable reasoning levels.

Substrate Vulnerability Scanner

Identifies seven critical security vulnerabilities in Substrate and Polkadot pallets during the development and auditing process.

Ruzzy Rust Fuzzing

Automates Rust vulnerability discovery using the Ruzzy fuzzing framework to identify security flaws and crashes.

Infrastructure Testing & Security

Validates infrastructure configurations and deployments through automated security scanning, cost analysis, and post-deployment verification.

Lighthouse CI Integrator

Integrates Lighthouse CI into development workflows to automate performance auditing and enforce Core Web Vitals budgets.

Tizen Certification Coordinator

Orchestrates the Tizen certification lifecycle by coordinating TCT test execution, security policy auditing, and compliance documentation.

Running Performance Benchmarks

Executes comprehensive performance audits, load tests, and regression analysis for API endpoints to ensure system stability and optimization efficiency.

Property-Based Testing

Implements advanced property-based testing strategies to ensure code correctness and security through comprehensive input exploration and invariant validation.

Tizen Sandbox Escape Detector

Tests Tizen application sandboxes for privilege escalation and escape vulnerabilities to ensure robust process isolation.

Wycheproof Cryptographic Testing

Hardens cryptographic implementations by applying Google's Wycheproof test vectors to detect known vulnerabilities and edge-cases.

Solana Vulnerability Scanner

Scans Solana and Anchor programs for critical security vulnerabilities to ensure smart contract integrity.

OSS-Fuzz Integration

Integrates Claude Code with OSS-Fuzz to automate continuous fuzzing and identify memory safety vulnerabilities in open-source projects.

Audit Context Builder

Performs granular, line-by-line code analysis to establish deep architectural context for security audits and bug hunting.

Testing Automation Workflow

Orchestrates comprehensive unit, integration, and end-to-end testing cycles with seamless CI/CD integration.

Chaos Engineering Setup

Implements robust chaos engineering practices and tools to validate system resilience and fault tolerance through controlled experimentation.