Security & Testing Claude 技能

Local E2E Testing Workflow

Automates full-stack E2E testing by integrating local frontend and backend services without using mock data.

Automated Browser UI Verification

Verifies UI changes automatically in a real browser to ensure frontend integrity and catch visual regressions during development.

clj-kondo Clojure Linter

Analyzes Clojure source code to detect syntax errors, enforce best practices, and implement domain-specific linting rules through custom hooks.

Security Research & Audit

Conducts comprehensive security reviews and threat modeling based on industry-standard frameworks like NIST and OWASP.

Testing Patterns

Implements standardized testing patterns for unit, integration, and E2E tests with built-in mocks for modern cloud services.

Theater Code Detection

Identifies non-functional code that appears complete but lacks operational logic to ensure production reliability.

Solidity Security

Implements secure smart contract patterns and audits Solidity code to prevent common blockchain vulnerabilities and exploits.

QA Screenshot Management

Standardizes screenshot capture, naming, and organization to ensure visual traceability and consistency during QA testing.

Ruzzy Rust Fuzzing

Automates Rust vulnerability discovery using the Ruzzy fuzzing framework to identify security flaws and crashes.

Frappe Integration Test Generator

Generates comprehensive integration tests for multi-DocType workflows and complex business processes in the Frappe Framework.

NERV LocalSend Connectivity Tester

Facilitates rapid peer discovery and LocalSend connectivity testing with integrated Italian voice announcements.

Sinatra Security Essentials

Hardens Ruby Sinatra applications using industry-standard security patterns for authentication, validation, and protection against common web vulnerabilities.

Narya Formal Proofs

Mechanically verifies event-sourced systems by generating cryptographic proof certificates for consistency, determinism, and data integrity.

Skill Isolation Tester

Validates Claude Code skills in isolated environments to identify hidden dependencies and environment-specific bugs before public release.

OAuth Implementation

Implements secure OAuth 2.0 and OpenID Connect authentication flows using standardized industry patterns and security best practices.

Move Smith Fuzzer

Implements differential fuzzing and property-based testing for Move smart contracts to identify consensus-breaking bugs and edge cases.

QA Test Management

Manages the end-to-end QA test lifecycle with automated naming conventions, directory structures, and traceability to requirements.

GitHub Repo Manager Self-Test

Executes and diagnoses the comprehensive test suite for the GitHub Repo Manager plugin to ensure reliable repository automation.

LocalSend Protocol Analysis

Analyzes LocalSend repositories using tree-sitter tagging, GitHub GraphQL snapshots, and protocol safety assessments.

Kolmogorov Codex Quest

Verifies multi-layer cryptographic identity proofs and orchestrates complex quest fulfillment within the Plurigrid ASI ecosystem.

JUnit Integration for Maven

Standardizes Maven integration testing using the Failsafe plugin and optimized build profiles to separate unit and integration test lifecycles.

AST-Grep Code Search

Performs sophisticated structural code searches and architectural analysis using Abstract Syntax Tree patterns.

macOS Keychain Secure

Secures sensitive credentials using the hardware-backed macOS Keychain with mathematically balanced GF(3) lifecycles.

RAG/CAG Security Patterns

Secures retrieval-augmented and cache-augmented generation systems through multi-tenant isolation, document-level access control, and prompt injection prevention.

Mutation Testing

Validates test suite effectiveness by introducing deliberate code mutations to identify logic gaps that traditional coverage metrics miss.

MITM Audit & Analysis

Monitors and reports man-in-the-middle (MITM) mentions and patterns across local repositories and history files.

IoT Device Provisioning

Manages secure provisioning, certificate installation, and network onboarding for TizenRT and ARTIK IoT devices.

QA Screenshot Validation

Validates UI screenshots for layout integrity, element clipping, and rendering issues with intelligent viewport handling.

Intent Sink Validator

Validates and sanitizes intent-centric architectures to ensure safety and well-formedness before execution.

Smart Contract Guidelines Advisor

Provides expert smart contract development advice and security reviews based on Trail of Bits' industry-standard best practices.