Security & Testing Claude 技能

Insecure Defaults Detector

Audits codebase for fail-open security vulnerabilities and weak default configurations that risk production exposure.

Wycheproof Crypto Validator

Validates cryptographic implementations using extensive test vectors to protect against known attacks and edge cases.

TON Smart Contract Security Scanner

Audits TON blockchain smart contracts written in FunC to identify and remediate platform-specific security vulnerabilities.

Fix Review

Verifies that security audit remediation commits correctly address findings without introducing new bugs.

AFL++ Fuzzing Handbook

Implements advanced multi-core fuzzing for C/C++ projects using AFL++ to identify security vulnerabilities and memory corruption bugs.

Substrate Vulnerability Scanner

Scans Substrate FRAME pallets for critical vulnerabilities including arithmetic overflows, panic-driven DoS, and incorrect weight calculations.

Constant-Time Cryptography Testing

Detects and remediates timing side-channel vulnerabilities in cryptographic implementations to prevent secret data leakage.

Solana Vulnerability Scanner

Scans Solana and Anchor programs to identify and remediate critical security vulnerabilities including arbitrary CPI and improper PDA validation.

Semgrep Static Analysis

Scans codebases for security vulnerabilities, bugs, and style violations using fast, pattern-based static analysis.

Audit Prep Assistant

Prepares codebases for professional security reviews by automating static analysis, increasing test coverage, and generating comprehensive technical documentation.

Bug Finder & Security Auditor

Audits local code changes for security vulnerabilities, logic bugs, and quality issues using a rigorous multi-phase inspection process.

Cargo Fuzz for Rust

Automates fuzz testing for Rust projects using libFuzzer to identify memory leaks, crashes, and edge-case vulnerabilities.

AddressSanitizer (ASan) Memory Detection

Detects memory corruption bugs like buffer overflows and use-after-free errors during C/C++ fuzzing and software testing.

libFuzzer C/C++ Fuzzing

Implements coverage-guided fuzz testing for C and C++ projects using the LLVM-integrated libFuzzer toolchain.

Smart Contract Guidelines Advisor

Analyzes smart contract codebases to provide security-focused architectural reviews and documentation based on Trail of Bits' best practices.

Smart Contract Entry Point Analyzer

Analyzes smart contract codebases to identify and categorize state-changing entry points for security auditing and attack surface mapping.

Atheris Python Fuzzing

Implements coverage-guided fuzzing for Python code and C extensions to detect memory corruption and logic vulnerabilities.

Token Integration Analyzer

Analyzes smart contract token implementations and integrations for security vulnerabilities and non-standard ERC20/ERC721 behaviors.

Security Reviewer

Conducts systematic, high-confidence security audits to identify exploitable vulnerabilities like injection, XSS, and authentication flaws.

Coverage Analysis for Fuzzing

Analyzes code execution during fuzzing to identify performance bottlenecks, magic value blockers, and areas for harness improvement.

Firebase APK Security Scanner

Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, and authentication vulnerabilities.

Test-Driven Development (TDD) Pro

Enforces a strict Red-Green-Refactor workflow to ensure high-quality, verified production code through test-first implementation.

Spec-to-Code Compliance Checker

Audits blockchain codebases against technical specifications and whitepapers to identify implementation gaps and logic divergences.

Audit Context Builder

Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.

Agent Performance Evaluation

Implements robust evaluation frameworks and multi-dimensional rubrics to measure the quality, accuracy, and efficiency of AI agent systems.

OWASP Top 10 Security Audit

Audits source code for the most critical web application security risks with actionable remediation patterns and checklists.

Secure Coding Practices

Implements robust security patterns including input validation, secrets management, and secure authentication to protect applications from common vulnerabilities.

TDD Red-Green-Refactor Workflow

Guides the implementation of Test-Driven Development using the Red-Green-Refactor cycle and industry-standard testing patterns.

Test Design Patterns

Implements industry-standard testing strategies and patterns to improve code quality and test suite reliability.

Kosmos E2E Testing Suite

Automates comprehensive end-to-end testing for the Kosmos autonomous AI scientist project across local and cloud LLM providers.