Security & Testing Claude 技能

Bats Shell Testing Patterns

Master the Bash Automated Testing System (Bats) to create comprehensive, production-grade unit tests for shell scripts and CI/CD pipelines.

Identity & Authentication

Manage identity lifecycles, authentication protocols, and authorization policies using Keycloak, OPA, and HashiCorp Vault.

Web Console Debugger

Automatically captures and analyzes browser console errors to streamline web application debugging and error resolution.

Release Wolf - Production Readiness Check

Automates pre-deployment QA gates by scanning for secrets, auditing performance, verifying links, and performing visual regression checks.

Scale Game Problem Solving

Stress-tests software architecture and logic by simulating extreme operational scales to identify hidden vulnerabilities and scalability bottlenecks.

Verification Before Completion

Enforces a rigorous final quality gate for code changes through mandatory testing, documentation, and requirement validation.

Go Testing & Best Practices

Implements idiomatic Go test suites using table-driven patterns, subtests, and performance benchmarks.

Verification Before Completion

Enforces a rigorous quality gate and multi-point checklist to ensure tasks are fully tested, documented, and requirement-compliant before completion.

Systematic Debugging

Troubleshoots and resolves software defects using a structured diagnostic process and regression testing.

Cassandra Test Data Management

Generates and validates production-grade Cassandra 5.0 test data using Docker-based workflows for SSTable parsing and integration testing.

Test Organization & Patterns

Enforces standardized test file structures, naming conventions, and Jest implementation patterns for JavaScript and React projects.

Kyverno Admission Control & Runtime Security

Secures Kubernetes clusters by deploying Kyverno admission controllers and policy reporters to enforce compliance at runtime.

QA Audit for Claude Code Cloud

Automates comprehensive QA audits and regression testing for the Claude Code Cloud web application to ensure UI stability and flow integrity.

Advanced Compliance & Audit Evidence

Automates audit evidence collection and compliance validation for SLSA and OpenSSF standards.

JWT Authentication for GitHub Apps

Generates JSON Web Tokens (JWTs) for GitHub App authentication, installation management, and discovery workflows.

Runner Group Management

Implements strategic organization and security boundaries for GitHub Actions self-hosted runners to prevent lateral movement and repository compromise.

Secret Rotation Patterns

Automates credential lifecycle management and zero-downtime secret rotation within GitHub Actions workflows.

CLI Testing Strategies

Implements a comprehensive testing pyramid for CLI applications using standardized unit, integration, and E2E patterns.

GitHub Actions Trigger Security

Secures GitHub Actions workflows by implementing safe trigger patterns for pull requests and forks to prevent privilege escalation and secret exfiltration.

OPA Policy Templates for Kubernetes

Implements 20 production-ready OPA Gatekeeper constraint templates for Kubernetes admission control and resource governance.

Secure Secret Management for GitHub Actions

Implements secure credential management, storage hierarchies, and OIDC authentication patterns within GitHub Actions workflows.

GitHub OAuth Authentication

Implements secure OAuth flows for GitHub Apps to enable user-context operations, device-based CLI authorization, and token management.

GitHub Runner Security Overview

Analyzes threat models and secure deployment patterns for self-hosted GitHub Actions runners to prevent infrastructure compromise.

Policy-as-Code Template Library

Deploys production-ready security and governance policies for Kubernetes using Kyverno and OPA Gatekeeper.

SDLC Security Implementation Roadmap

Guides a 90-day phased rollout of secure software development lifecycle controls and automated enforcement patterns.

Kubernetes Runtime Security Enforcement (Phase 3)

Hardens Kubernetes production environments through runtime policy enforcement, image verification, and resource constraints using Kyverno.

SDLC Security Foundation (Phase 1)

Establishes essential SDLC security controls including secrets detection, branch protection, and commit verification to create a secure development environment.

Kyverno Policy Templates

Simplifies Kubernetes security and compliance by providing 28 production-ready Kyverno policy templates for admission control.

Chaos Experiment Design

Guides the creation of structured chaos engineering experiments by defining hypotheses, success criteria, and blast radius controls.

GitHub Self-Hosted Runner Hardening

Secures self-hosted GitHub Actions runners using OS-level hardening, network isolation, and credential protection to prevent infrastructure compromise.