Security & Testing Claude 技能

Privacy & Consent Compliance

Implements privacy-first development patterns to ensure GDPR and CCPA compliance through automated consent management and data minimization.

QA Strategy & Quality Metrics

Guides the implementation of robust testing pyramids and software maintainability metrics to reduce technical debt and improve code health.

TypeScript Component Testing

Implements robust, accessible UI component tests using React Testing Library and modern TypeScript patterns.

Red/Blue Team Validator

Stress-tests decisions, strategies, and architectures through iterative adversarial Red/Blue team simulations to uncover and mitigate vulnerabilities.

Firebase Authentication Patterns

Implements secure Firebase Authentication flows including OAuth, session management, and server-side protected routes.

TypeScript Component Testing

Implements industry-standard Jest, Vitest, and React Testing Library patterns to ensure robust, accessible frontend components.

MCP Protocol Compliance Testing

Validates Model Context Protocol (MCP) implementations for JSON-RPC 2.0 compliance, schema integrity, and async execution reliability.

Access Control Patterns

Implements secure authorization logic by auditing and applying RBAC, ABAC, and IDOR prevention patterns.

Python Code Review & Linting

Automates Python code analysis to enforce security standards, fix anti-patterns, and maintain strict linting using Ruff and Mypy.

Authentication & Session Security

Secures applications by implementing JWT validation, OAuth2 flows, and robust session management patterns.

Security Testing

Hardens software applications by providing comprehensive security auditing, vulnerability scanning, and penetration testing guidance.

LSP Type Safety Checker

Verifies code type safety and function signature compatibility using Language Server Protocol data to prevent runtime errors.

UI Visual Validator

Performs rigorous visual testing and design system compliance checks to ensure UI modifications meet pixel-perfect and accessibility standards.

Token Integration Analyzer

Analyzes smart contract token implementations and integrations for security vulnerabilities and non-standard ERC20/ERC721 behaviors.

Security Reviewer

Conducts systematic, high-confidence security audits to identify exploitable vulnerabilities like injection, XSS, and authentication flaws.

Windows Privilege Escalation Expert

Provides expert guidance and automated command patterns for escalating privileges on Windows systems during security audits.

Pytest Modern Test Patterns

Implements high-quality Python testing suites using modern pytest structures, the AAA pattern, and advanced fixture management.

AI Security & Pentesting Toolkit

Conducts automated security audits and penetration tests using AI-driven discovery, vulnerability scanning, and structured analysis.

Comprehensive Code Review

Performs a rigorous 7-point code audit covering security, performance, and maintainability to ensure production-grade software quality.

Forensic Analyst

Conducts comprehensive digital forensics investigations, reconstructs attack timelines, and analyzes system artifacts using LimaCharlie's security operations capabilities.

Linux Privilege Escalation

Conducts systematic security assessments to identify and exploit privilege escalation vectors on Linux systems.

Advanced JS Mocking Patterns

Master complex testing scenarios in Jest and Vitest using advanced module mocking, spies, and temporal control techniques.

Test Execution Manager

Orchestrates automated test suites using subagents with intelligent incremental timeout escalation and comprehensive coverage verification.

Web3 & Smart Contract Security

Audits and identifies vulnerabilities in smart contracts and Web3 applications using expert penetration testing techniques.

Phishing and Social Engineering Toolkit

Conducts authorized social engineering assessments, phishing simulations, and credential harvesting to test organizational security awareness.

Eval Harness for Claude Code

Implements a formal Eval-Driven Development (EDD) framework to ensure AI-generated code meets quality standards and avoids regressions.

TDD Workflow & Test Automation

Enforces rigorous test-driven development practices and high code coverage standards to ensure reliable software delivery.

Verification Loop

Automates a multi-phase quality assurance workflow to validate builds, types, tests, and security before code submission.

AWS Penetration Testing & Security Audit

Conducts comprehensive security assessments and penetration testing across Amazon Web Services environments to identify vulnerabilities and privilege escalation paths.

XSS & HTML Injection Security Testing

Identifies and exploits Cross-Site Scripting (XSS) and HTML injection vulnerabilities using advanced detection and bypass techniques.