Security & Testing Claude 技能

Test Fixture Skill

Provides a lightweight framework for fixture-based testing and comprehensive validation within the Vibe Agent Toolkit.

Deterministic Testing & Validation

Provides deterministic test fixtures and comprehensive validation for portable AI agent development.

Wireshark Traffic Analysis

Performs comprehensive network packet capture, filtering, and protocol analysis for troubleshooting and security investigations.

IDOR Vulnerability Testing Skill

Provides a systematic framework for detecting, exploiting, and remediating Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

Broken Authentication Security Testing

Identifies and exploits authentication and session management vulnerabilities in web applications to prevent unauthorized access and account takeovers.

SDD Implementation Fidelity Review

Reviews implementation fidelity against specifications by comparing actual code to requirements and identifying deviations.

API Fuzzing & Bug Bounty Security

Performs comprehensive API security assessments using advanced fuzzing, IDOR exploitation, and GraphQL vulnerability discovery techniques.

Data Quality Expert

Ensures data integrity and reliability using dbt tests, Great Expectations, and advanced monitoring strategies.

Agent Performance Evaluation

Builds robust evaluation frameworks and multi-dimensional rubrics to measure AI agent quality, accuracy, and efficiency.

Network 101: Service Lab Configuration

Configures and tests core network services like HTTP, HTTPS, SNMP, and SMB for penetration testing labs and security research.

Bitwarden for Claude Code

Manages secure passwords, secrets, and vault items directly through Claude Code using the Bitwarden CLI.

Privacy Review & Secret Scanner

Audits git repositories for sensitive data exposure to prevent accidental leaks of API keys, passwords, and credentials.

Testing Foundations

Implements industry-standard testing patterns and best practices to ensure high-quality code reliability and maintainable test suites.

Dependency Scanning Security Skill

Scans project dependencies for known vulnerabilities and security risks to ensure software supply chain integrity.

TCR Practice (Test && Commit || Revert)

Implements the high-discipline TCR workflow to enforce atomic code changes and guarantee a constant state of passing tests.

TDD Workflow

Enforces rigorous test-driven development practices with comprehensive coverage requirements across unit, integration, and E2E tests.

Hookify Rule Writing

Configures custom guardrails and automated notifications for Claude Code by defining event-driven patterns.

Auth Implementation Patterns

Implements secure access control systems using industry-standard JWT, OAuth2, and session management patterns.

JavaScript Testing Patterns

Implements robust testing strategies for JavaScript and TypeScript applications using industry-standard frameworks and advanced mocking patterns.

Senior QA & Test Automation

Automates the creation, analysis, and scaffolding of comprehensive test suites for modern web applications and microservices.

Shell Testing with Bats

Masters the Bash Automated Testing System (Bats) to create robust, production-grade test suites for shell scripts and utilities.

LLM Evaluation & Benchmarking

Implements comprehensive evaluation frameworks for LLM applications using automated metrics, human-in-the-loop feedback, and statistical A/B testing.

Firebase Authentication

Simplifies the integration of secure user authentication flows including OAuth, email/password, and phone verification using Firebase.

Automated Bug Reporting

Automates technical bug investigation and generates standardized markdown reports using AI subagents.

Scale Game Problem Solving

Exposes architectural weaknesses and fundamental truths by stress-testing software concepts at extreme theoretical scales.

Cloudflare Turnstile Integration

Implements privacy-first bot protection and CAPTCHA alternatives for web forms, logins, and API endpoints.

Better Auth for TypeScript & Cloudflare

Implements secure, self-hosted authentication for TypeScript applications with specialized support for Cloudflare Workers and D1 databases.

TDD Red-Green-Refactor

Enforces a strict Test-Driven Development workflow using Vitest to ensure every code change is validated by failing tests first.

Supabase Auth SSR Setup

Configures secure authentication for Next.js App Router applications using Supabase SSR with cookie-based sessions and middleware protection.

QA & Verification Expert

Orchestrates comprehensive quality assurance through criteria design, qualitative assessment, and multi-mode verification workflows.