Security & Testing Claude 技能

Apex Ship

Automates adversarial code reviews, git commits, and task reflections to ensure high-quality production deployments.

macOS Desktop Automation

Automates native macOS application testing and desktop workflows using Hammerspoon and system-level input simulation.

PopKit Validation Engine

Validates PopKit plugin integrity through a structured Scan-Compare-Report-Apply workflow to ensure component consistency.

Systematic Debugging

Implements a rigorous four-phase framework that enforces root cause investigation before applying fixes to complex bugs or test failures.

Web Application Testing

Automates local web application testing and UI debugging using Playwright and integrated server management scripts.

Deep System Analysis

Conducts systematic investigations into codebases to identify root causes, architectural patterns, and performance bottlenecks.

Global Error Handling

Implements comprehensive error management strategies including user-friendly messaging, custom exception types, and resilient recovery patterns.

Infrastructure Security Hardening

Hardens cloud infrastructure and Kubernetes environments using CIS benchmarks, secure configuration patterns, and automated vulnerability scanning.

Secrets Guardian

Secures codebases by preventing accidental credential leaks through automated scanning and pre-commit hook integration.

Testing Core Patterns

Standardizes cross-language testing strategies including unit, integration, and E2E patterns for robust software delivery.

Systematic Debugging

Enforces a rigorous four-phase framework to identify root causes and verify solutions for complex software bugs and test failures.

Wolf Verification Framework

Implements a three-layer verification architecture to eliminate hallucinations and ensure factual accuracy through systematic claim validation.

Journey Mapping & Gherkin BDD

Translates high-level feature concepts into structured user journeys and testable, declarative Gherkin BDD scenarios.

Comprehensive Code Review

Performs a rigorous 7-point code audit covering security, performance, and maintainability to ensure production-grade software quality.

Auto Testing

Automatically generates and executes comprehensive test suites after every code modification to ensure application stability.

Root Cause Tracing

Systematically identifies the origin of deep-seated bugs by tracing execution flow backward through the call stack to the original trigger.

Test-Driven Development (TDD)

Enforces a disciplined red-green-refactor workflow by automating test-first development requirements and coverage gate configuration.

User-Scoped Data Filtering

Implements secure multi-tenant data access patterns and ownership verification using Python, FastAPI, and SQLAlchemy.

Test Data Generation

Provides standardized patterns and implementation guidance for creating realistic, maintainable test data using industry-standard factory libraries.

GKE Runtime Security

Enforces GKE workload security through Pod Security Standards, admission controllers, and real-time behavioral monitoring with Falco.

Secure Code & Supply Chain

Identifies and remediates security vulnerabilities, manages SBOMs, and secures software supply chains using automated scanning and best practices.

Go Security Tooling

Implements standard, OpenSSF-certified Go security workflows using race detection, linting, and vulnerability scanning.

Automated Security Enforcement

Implements mandatory security guardrails and policy-as-code to ensure audit-ready compliance across the development lifecycle.

Secure Credential Storage

Implements secure patterns for managing and rotating GitHub App credentials across diverse CI/CD and infrastructure environments.

Test Coverage Analysis

Analyzes code coverage metrics, identifies testing gaps, and provides actionable recommendations to improve software quality.

GitHub Action SHA Pinning Guide

Secures CI/CD pipelines by enforcing immutable SHA-256 commit pinning for GitHub Actions to prevent supply chain attacks.

Kubernetes RBAC Security Templates

Secures Kubernetes clusters by enforcing OPA-based RBAC policies that prevent privilege escalation and wildcard permissions.

External Reference Detection

Identifies and manages external file references and script dependencies across diverse system paths.

Expert Panel Analysis

Diagnoses complex technical issues and prompt failures by convening a panel of specialized expert personas to provide multi-faceted troubleshooting and actionable solutions.

Security Review & Vulnerability Analysis

Conducts deep adversarial security audits of API endpoints, UI flows, and database interactions to identify and fix vulnerabilities.