Security & Testing Claude 技能

Security Scanning & Audit Patterns

Automates comprehensive security vulnerability scanning, secret detection, and OWASP compliance auditing for multi-language codebases.

Testing & Benchmarking Infrastructure

Implements comprehensive testing suites with performance benchmarking to track regressions and ensure version-to-version consistency.

Permission Doctor

Diagnoses and audits Claude Code permission settings to identify security risks, syntax errors, and redundant configurations.

Systematic Debugging Framework

Implements a rigorous four-phase debugging methodology to identify root causes and ensure reliable software fixes.

Systematic Debugging

Enforces a rigorous four-phase framework to identify root causes and implement verified fixes for complex software issues.

JUnit Integration Testing for Maven

Standardizes Maven integration testing by configuring the Failsafe plugin, naming conventions, and dedicated build profiles.

Testing Blocks

Validates code changes in AEM Edge Delivery Services projects using a value-driven testing philosophy that balances durable unit tests with efficient browser-based UI validation.

Global Validation

Ensures robust data integrity by implementing multi-layered, allowlist-based validation and structured error handling across all system boundaries.

Test Writing Strategy

Develops focused, behavior-driven unit and integration tests that prioritize critical user flows and fast execution.

Frontend Accessibility

Implements WCAG-compliant web interfaces using semantic HTML, ARIA attributes, and robust keyboard navigation to ensure inclusive user experiences.

Reference and Fixture Manager

Maintains consistency and prevents duplication in AI coding tasks by managing and loading existing reference materials and test fixtures.

CUI HTTP Testing Standards

Streamlines HTTP client testing in Java by enforcing CUI standards for MockWebServer and JUnit 5 integrations.

JavaScript Maintenance & Refactoring Standards

Enforces systematic standards for detecting technical debt, prioritizing refactoring tasks, and verifying JavaScript code quality.

Solidity Security

Implements industry-standard smart contract security patterns and prevents common vulnerabilities in Solidity development.

Workflow Verifier

Verifies AI-generated workflow outputs and artifacts using a hybrid approach of structural scripts and LLM-as-judge assessments.

CI/CD Secrets Management

Implements enterprise-grade secrets management and rotation strategies for secure CI/CD pipelines.

Multi-System SSO Authentication

Implements secure enterprise Single Sign-On across multiple identity providers using JWT RS256 token validation, backward verification, and cross-system permission mapping.

Customer.io Security Basics

Implements secure Customer.io integrations through credential management, PII sanitization, and webhook verification.

Global Error Handling

Implements robust error management strategies including centralized handling, graceful degradation, and user-friendly messaging to ensure application stability and security.

Quality Gates

Automates code quality validation by detecting project stacks and executing standardized formatting, linting, type-checking, and testing workflows.

OpenRouter Compliance Review

Conducts comprehensive security audits and compliance assessments for OpenRouter API integrations to ensure enterprise-grade standards.

ShellCheck Configuration

Configures and implements ShellCheck static analysis to ensure high-quality, portable, and secure shell scripts.

PCI Compliance & Secure Payments

Secures payment systems by implementing PCI DSS requirements, including tokenization, encryption, and strict data handling protocols.

Vast.ai Enterprise RBAC & SSO

Configures enterprise-grade security for Vast.ai, including SAML/OIDC single sign-on and role-based access control.

Async Testing Expert

Implements comprehensive async Python testing patterns using pytest for FastAPI applications and database interactions.

CLI Testing Patterns

Standardizes CLI application testing across Node.js and Python using industry-standard frameworks and best practices.

Codebase Reviewer

Performs comprehensive, multi-dimensional codebase audits using parallel AI agents to identify architectural, security, and performance improvements.

Test Plan Generator

Generates intelligent, non-redundant test plans by analyzing code changes to ensure comprehensive coverage without over-testing.

TDD Master: t-wada Methodology

Implements rigorous Test-Driven Development using the Red-Green-Refactor cycle, triangulation, and baby-step methodologies.

Test Executor

Executes tests adaptively across any framework or language, analyzes failures, and generates detailed diagnostic reports to facilitate rapid iteration.