Security & Testing Claude 技能

Code Review Excellence

Enhances the code review process with systematic checklists, constructive feedback patterns, and language-specific best practices to improve code quality.

Agent Performance Evaluation

Builds robust evaluation frameworks and multi-dimensional rubrics to measure AI agent quality, accuracy, and efficiency.

Autonomous Error Recoverer

Automates the detection, classification, and resolution of errors encountered during AI-driven development sessions.

Gleam Testing Suite

Guides the creation of robust Gleam test suites using gleeunit and modern idiomatic assertion patterns.

API Fuzzing & Bug Bounty Security

Performs comprehensive API security assessments using advanced fuzzing, IDOR exploitation, and GraphQL vulnerability discovery techniques.

Permissions Configuration Wizard

Configures Claude Code tool permissions and security rules to control access to files, commands, and web tools.

.NET Test Triage

Streamlines .NET test failure analysis by capturing errors and generating focused rerun filters.

Clay Load & Scale

Optimizes Clay integrations through automated load testing, Kubernetes auto-scaling, and proactive capacity planning.

Broken Authentication Security Testing

Identifies and exploits authentication and session management vulnerabilities in web applications to prevent unauthorized access and account takeovers.

IDOR Vulnerability Testing Skill

Provides a systematic framework for detecting, exploiting, and remediating Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

Wireshark Traffic Analysis

Performs comprehensive network packet capture, filtering, and protocol analysis for troubleshooting and security investigations.

Jomonsho Release Preflight

Automates and standardizes the release verification process for Jomonsho projects through tiered linting, type-checking, and multi-level testing.

RSpec Matchers

Provides expert guidance on Ruby testing assertions, expectations, and the creation of custom RSpec matchers.

Security Scanning Tools

Provides expert guidance and command-line patterns for network discovery, vulnerability assessment, and security auditing across diverse environments.

Pentest Commands Reference

Provides a comprehensive command reference for penetration testing tools including network scanning, exploitation, and vulnerability assessment.

SSH Penetration Testing

Conducts comprehensive security assessments of SSH services including enumeration, credential attacks, and vulnerability exploitation.

Browser E2E Tester

Verifies feature implementation through automated browser-based end-to-end testing and acceptance criteria validation.

SQL Injection Security Testing

Conducts comprehensive SQL injection vulnerability assessments to identify, exploit, and remediate database security flaws in web applications.

Privilege Escalation Methods

Provides specialized techniques and command patterns for escalating system privileges from low-level access to root or administrator status.

Web Application Testing

Automates and validates local web applications using Playwright for end-to-end testing and UI debugging.

HTML Injection Security Testing

Identifies and exploits HTML injection vulnerabilities to secure web applications against content manipulation and phishing attacks.

Automated Code Fixer

Executes targeted code fixes for issues identified in prior reviews using parallel subagents and automated verification.

Error Recoverer

Automates error detection, classification, and recovery to maintain continuous and resilient autonomous coding sessions.

Verification Before Completion

Enforces rigorous, evidence-based verification protocols before allowing any claims of task completion or code success.

CUI Java Unit Testing Expert

Standardizes and automates high-quality unit testing for CUI Java projects using JUnit 5 and specialized generator frameworks.

CTO Codebase Audit

Performs comprehensive, expert-level assessments of software architecture and code quality to identify technical risks and scaling opportunities.

Automated Code Verification

Automates code verification by suggesting and running context-aware tests, lints, and syntax checks after every modification.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure high-quality code through mandatory test-first implementation.

Guardrails & Safety Instrumentation

Implements comprehensive input and output safety checks to secure AI agent interactions and protect sensitive data.

Web Application Testing

Automates local web application testing and debugging using Playwright for comprehensive frontend verification and UI interaction.