Security & Testing Claude 技能

Systematic Debugging

Implements a rigorous four-phase methodology to identify root causes and resolve technical issues without trial-and-error thrashing.

Burp Suite Web Security Testing

Performs comprehensive web application security audits by intercepting HTTP traffic, modifying requests, and identifying vulnerabilities using Burp Suite.

API Security Fuzzing & Bug Bounty Toolkit

Conducts comprehensive security assessments and fuzzing on REST, GraphQL, and SOAP APIs to identify vulnerabilities like IDOR, injection, and authentication bypasses.

Network Lab Configuration & Testing

Configures and tests essential network services like HTTP, HTTPS, SNMP, and SMB for security research and penetration testing lab environments.

Security Scanning Tools

Provides comprehensive command patterns and methodologies for industry-standard network discovery and vulnerability assessment tools.

Linux Privilege Escalation

Executes systematic assessments to identify and exploit security misconfigurations for elevating Linux user privileges to root-level control.

Ethical Hacking Methodology

Guides users through the complete penetration testing lifecycle using industry-standard tools and ethical frameworks.

Web Vulnerability Reference & Security Guide

Provides a comprehensive catalog of 100 critical web application vulnerabilities with detailed root causes, impacts, and remediation strategies.

Burp Suite Security Testing

Executes comprehensive web application security testing and vulnerability scanning using the industry-standard Burp Suite toolset.

Langfuse Agent Evaluation Setup

Automates the end-to-end setup of evaluation pipelines for AI agents using Langfuse observability and datasets.

Verified Completion Guard

Enforces a strict evidence-first protocol that requires running verification commands before claiming any task is complete or passing.

Goal-Driven E2E Evaluator

Evaluates user goals across UX, code, and infrastructure layers to identify and resolve root causes of system failures.

XSS and HTML Injection Security Testing

Automates the identification and exploitation of Cross-Site Scripting (XSS) and HTML injection vulnerabilities in web applications.

Agent Evaluation

Evaluates and benchmarks LLM agents using behavioral testing, reliability metrics, and adversarial strategies to ensure production readiness.

MCP Evaluation Framework

Evaluates Model Context Protocol (MCP) applications for product fit, value delivery, and user experience using automated persona-based walkthroughs.

MCP Authentication for OpenAI Apps SDK

Implements secure authentication patterns including OAuth 2.1 and API keys for Model Context Protocol (MCP) servers.

Bug Detector

Identifies logic errors, runtime exceptions, and unhandled edge cases to ensure production-grade code reliability.

Backend Readiness Framework

Conducts systematic production-readiness audits of backend systems across security, reliability, and performance layers.

Alpha Production Readiness Trace

Evaluates software readiness for alpha release by tracing end-to-end user flows from the UI to the backend to identify functional gaps.

Bead Review Auditor

Performs adversarial QA audits on bead-based task decompositions to ensure reliable autonomous agent execution.

UX Evaluator

Evaluates user experience, assesses production readiness, and identifies UI-to-backend gaps through structured auditing workflows.

AWS Penetration Testing

Performs comprehensive security assessments and penetration testing on Amazon Web Services infrastructure to identify vulnerabilities and privilege escalation paths.

Langfuse Schema Validator

Ensures consistency between Langfuse prompt output contracts and function schema definitions to prevent runtime failures.

Automated Technical Design Review

Conducts multi-perspective technical design reviews with parallel automated agents to gate implementation quality.

JUDO Access Manager API

Implements secure operation authorization, authentication interceptors, and signed identifier tracking within the JUDO Runtime Core framework.

Systematic Debugging

Implements a rigorous four-phase protocol to identify root causes and eliminate guess-and-check bug fixing.

Web App Testing with Playwright

Automates local web application testing and interaction using native Python Playwright scripts and managed server lifecycles.

Security Privilege Escalation Techniques

Provides comprehensive guidance and command syntax for identifying and exploiting privilege escalation vulnerabilities during authorized security assessments.

Shodan Reconnaissance & Pentesting

Performs advanced infrastructure reconnaissance and vulnerability discovery using the Shodan search engine.

Browser Testing with Bugster

Automates end-to-end testing of web applications using AI-powered test generation and execution via the Bugster CLI.