Security & Testing Claude 技能

Systematic Debugging

Orchestrates a rigorous four-phase root cause analysis process to identify, isolate, and permanently resolve software bugs.

Testing Strategy & Best Practices

Standardizes test implementations across Vitest, Playwright, and pytest to ensure high-quality, reliable software delivery.

Rust Test Workflow

Executes and reports on Rust unit, integration, and documentation tests using a specialized subagent for structured validation.

Node.js Testing Strategy

Implements standardized testing conventions and patterns for Node.js, Express, and NestJS applications using Jest, Vitest, and Supertest.

Solidity Function Audit Eval

Automates multi-stage Solidity smart contract audits for CI/CD and evaluation pipelines using Claude Code.

Active Directory Attack & Security Testing

Provides a comprehensive suite of techniques and command references for auditing and testing Microsoft Active Directory environments.

Structured Troubleshooting & Debugging

Implements a disciplined, multi-phase methodology to systematically diagnose and resolve complex software bugs and performance bottlenecks.

IDOR Vulnerability Testing

Conducts comprehensive security audits to identify and remediate Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

Verification Before Completion

Validates that tasks are genuinely resolved through a rigorous multi-level verification protocol before marking them as done.

Test-Driven Development (TDD) Mastery

Enforces strict Red-Green-Refactor workflows to ensure high-quality, verified production code through a test-first approach.

Python Testing Strategy

Standardizes Python testing practices for FastAPI, Django, and Flask using modern pytest conventions and fixtures.

Rust Test-Driven Development

Enforces the Red-Green-Refactor cycle in Rust projects using cargo test to ensure high-quality, bug-free code through iterative testing.

Rust Testing Rules

Standardizes Rust unit and integration testing workflows by enforcing best practices for mocks, test structures, and the testing pyramid.

Java & Spring Boot Testing Strategy

Implements comprehensive Java and Spring Boot testing conventions using JUnit 5, Mockito, and Testcontainers.

Universal Testing Strategy

Provides language-agnostic testing principles to ensure robust, maintainable, and high-quality codebases.

Active Directory Security Auditor

Provides comprehensive guidance for evaluating and securing Microsoft Active Directory environments through authorized penetration testing techniques.

Web Application Testing

Automates the interaction and testing of local web applications using Playwright scripts and built-in server management.

WordPress Security & Pentesting

Performs comprehensive security assessments of WordPress installations through automated enumeration, vulnerability scanning, and exploitation workflows.

Metasploit Framework

Streamlines penetration testing workflows by providing expert guidance on vulnerability exploitation, payload generation, and post-exploitation using the Metasploit Framework.

Metasploit Framework Security

Automates and guides penetration testing workflows using the Metasploit Framework for vulnerability research and exploitation.

WordPress Penetration Testing

Performs comprehensive security audits and vulnerability assessments of WordPress installations using professional penetration testing methodologies.

Metasploit Framework Penetration Testing

Streamlines security assessments and ethical hacking workflows using the Metasploit Framework for vulnerability exploitation and post-exploitation.

WordPress Penetration Testing

Conducts comprehensive security audits and vulnerability assessments of WordPress installations using professional penetration testing methodologies.

Cloud Penetration Testing

Conducts comprehensive security audits and penetration tests across major cloud platforms including AWS, Azure, and GCP.

Cloud Penetration Testing & Security Audit

Conducts comprehensive security assessments and penetration tests across AWS, Azure, and Google Cloud Platform environments.

Agent Evaluation & Benchmarking

Evaluates and benchmarks LLM agents using behavioral testing, reliability metrics, and production monitoring to ensure consistent performance in real-world scenarios.

Verification Before Completion

Enforces a rigorous evidence-based protocol that requires fresh command output before any task is claimed as finished or fixed.

Ethical Hacking Methodology

Guides users through the complete penetration testing lifecycle from initial reconnaissance to professional security reporting.

Privilege Escalation Methods

Provides actionable techniques and command-line references for escalating user privileges on Linux and Windows systems.

API Security & Bug Bounty Fuzzing

Conducts comprehensive security assessments and vulnerability discovery for REST, SOAP, and GraphQL APIs.