Security & Testing Claude 技能

Technical Design & Architecture

Enforces production-ready architecture patterns, secure environment management, and rigorous quality standards for TypeScript projects.

Eval Harness

Implements an Eval-Driven Development (EDD) framework to measure and improve AI coding reliability through structured testing and metrics.

Idiomatic Go Testing & TDD

Implements professional Go testing patterns including table-driven tests, fuzzing, benchmarks, and TDD workflows.

TypeScript Testing Runner

Executes and reports on TypeScript unit and integration tests using a dedicated subagent for enhanced reliability and safety.

API Contract Validator

Validates API contracts using consumer-driven testing and OpenAPI specifications to ensure service compatibility and prevent breaking changes.

Pytest & Jest Code Testing

Generates and executes comprehensive unit and integration tests using pytest and Jest frameworks with built-in coverage reporting.

Prompt Performance Testing

Measures and compares prompt efficacy through A/B testing, performance metrics, and detailed analytical reports.

Unit Test Loop

Automates the iterative cycle of identifying coverage gaps, writing focused unit tests, and maintaining code quality through integrated reviews.

Test Environment Manager

Provisions and manages isolated test environments to streamline automated testing and reporting workflows.

Rust Testing Best Practices

Enforces standardized unit testing patterns and implementation rules for robust Rust applications.

AI Pilot: Code Elicitation & Self-Review

Empowers AI agents to self-review and correct code using 75 specialized techniques before final validation.

React Component Tester

Automates the creation, execution, and analysis of comprehensive UI component tests using Vitest and React Testing Library.

Codex External Review

Requests a second perspective from OpenAI's Codex models to identify gaps, risks, and architectural flaws in technical designs and implementations.

AI Security Guardrails

Implements multi-layered security architectures and ethical quality controls for AI agents and prompts.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure high-quality, verified code implementation.

SMTP Security Penetration Testing

Conducts thorough security assessments of SMTP servers to identify vulnerabilities like open relays, user enumeration, and weak authentication.

Prompt Library

Provides a comprehensive collection of over 18 optimized prompt templates and executable agents for specialized cognitive tasks.

Pentest Command Reference

Provides a comprehensive library of essential penetration testing commands for network scanning, exploitation, and vulnerability assessments.

Pentest Command Reference

Provides a comprehensive library of penetration testing commands and workflows for security professionals using industry-standard tools.

Wireshark Network Traffic Analysis

Analyzes network traffic using Wireshark to troubleshoot connectivity, optimize performance, and investigate security incidents.

Agent Evaluation

Evaluates and benchmarks LLM agents using statistical testing, behavioral contracts, and reliability metrics to ensure production readiness.

IDOR Vulnerability Testing

Conducts comprehensive security audits to identify and remediate Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

Web Application Testing

Automates frontend testing and browser interactions for local web applications using Playwright scripts.

Web Permission & Security Manager

Analyzes and consolidates WebFetch domain permissions with automated security research and validation for Claude Code.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure high-quality, verified code through test-first implementation.

Security Scanner

Scans source code for security vulnerabilities and provides actionable remediation patterns based on industry standards.

PR Quality Analyzer

Automates the assessment of pull requests to ensure code quality, security compliance, and architectural integrity before merging.

Vulnerability Patterns: Core

Detects universal security vulnerabilities and hardcoded secrets across all programming languages using standardized regex patterns.

Systematic Debugger

Implements a structured, scientific approach to identify, isolate, and resolve software bugs efficiently.

Testing Strategies

Design and implement comprehensive test suites including unit, integration, and E2E tests across multiple programming languages.