Security & Testing Claude 技能

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure every line of production code is verified by a failing test first.

SSH Penetration Testing

Conducts comprehensive SSH security assessments including enumeration, credential attacks, and configuration auditing.

Keycloak Admin

Manages Keycloak identity services, including realm configuration, OAuth 2.0 setup, and user management via the Admin REST API.

SMTP Security & Penetration Testing

Performs comprehensive security assessments of SMTP servers to identify vulnerabilities like open relays, user enumeration, and weak authentication.

RSpec Test Framework

Automates the generation and execution of RSpec tests for Ruby applications with support for complex mocking and hooks.

xUnit Test Framework for .NET

Generates and executes xUnit tests for C# projects with integrated support for FluentAssertions and Moq.

Pentest Checklist & Security Planner

Guides users through a comprehensive, multi-phase methodology for planning, executing, and remediating professional penetration tests.

Better Auth Best Practices

Streamlines the integration and configuration of the Better Auth TypeScript framework within your software projects.

Windows Privilege Escalation Assistant

Provides systematic methodologies and commands for discovering and exploiting privilege escalation vulnerabilities on Windows systems during security audits.

TDD Test Agent

Generates comprehensive failing test suites across all architectural layers to define feature specifications before implementation begins.

Third-Party Action Risk Assessment

Evaluates the security posture of third-party GitHub Actions to prevent supply chain attacks and credential exfiltration in CI/CD pipelines.

Business Logic Implementer

Implements business logic use cases and API endpoints following strict Test-Driven Development (TDD) principles and Clean Architecture patterns.

File Path Traversal Security Testing

Performs comprehensive security audits to identify, exploit, and mitigate file path traversal and Local File Inclusion (LFI) vulnerabilities.

Windows Privilege Escalation Guide

Provides systematic methodologies and commands for discovering and exploiting privilege escalation vulnerabilities on Windows systems during security assessments.

SMTP Penetration Testing

Performs comprehensive security audits and vulnerability assessments on SMTP mail servers to identify misconfigurations and exposure risks.

Container Security Guide

Implements defense-in-depth security practices for containerized applications using vulnerability scanning, image hardening, and CIS benchmark compliance.

Network 101 Lab Setup

Configures and tests essential network services like HTTP, HTTPS, SNMP, and SMB for security research and penetration testing labs.

Verified Completion Guard

Enforces a strict evidence-first protocol by requiring verified command outputs before any claims of task completion or success.

Red Team & Bug Bounty Methodology

Automates professional reconnaissance and vulnerability discovery workflows using industry-standard red teaming tools and methodologies.

Test Plan Documentation

Generates structured E2E test plans with standardized templates and data-testid selectors for web application testing.

XSS & HTML Injection Security Testing

Conducts comprehensive security audits to identify, exploit, and remediate Cross-Site Scripting and HTML injection vulnerabilities in web applications.

Clerk Auth for Next.js

Implements secure Clerk authentication patterns for Next.js applications, including middleware protection and server-side session management.

Claude Skill Reviewer

Reviews and validates Claude skills against Anthropic's official design philosophy and best practices.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all production code is verified by failing tests before implementation.

Cloud Security & Penetration Testing

Conducts comprehensive security audits and penetration tests across AWS, Azure, and Google Cloud Platform to identify and remediate vulnerabilities.

API Security & Fuzzing Specialist

Automates and guides API security assessments to identify vulnerabilities like IDOR, injection, and authentication bypasses in REST, SOAP, and GraphQL interfaces.

Pentest Commands

Provides a comprehensive reference for penetration testing commands across network scanning, exploitation, and vulnerability assessment tools.

Network Security Lab Setup

Configures and tests network services like HTTP, HTTPS, SNMP, and SMB for security research and penetration testing environments.

Privilege Escalation Toolkit

Provides comprehensive, step-by-step techniques and commands for escalating privileges on Windows and Linux systems during penetration testing.

Privilege Escalation Methods

Provides expert techniques and commands for escalating user privileges on compromised Linux and Windows systems.