Security & Testing Claude 技能

Security Scanner

Audits Claude Code plugins and skills for malicious code and harmful natural language instructions using AI semantic analysis.

User Activity Auditor

Audits and reports on specific user actions across cloud resources to ensure security, accountability, and compliance.

Skill Security Analyzer

Decompiles freeform SKILL.md files into machine-auditable structures to perform automated security audits and risk scoring.

Security Scan for Claude Code

Audits Claude Code configurations and MCP servers for security vulnerabilities, misconfigurations, and injection risks using AgentShield.

Tizen CVE Security Scanner

Identifies known vulnerabilities in Tizen application dependencies and kernel versions using the OpenCVE database and Samsung security updates.

Fuzzing Harness Writing

Develops high-performance fuzzing harnesses to identify security vulnerabilities and edge-case crashes in software codebases.

Token Integration Analyzer

Analyzes token implementations and integrations for security vulnerabilities, ERC compliance, and non-standard behavioral patterns using Trail of Bits expertise.

Fuzzing Obstacles & Effectiveness

Identifies and overcomes common fuzzing bottlenecks to improve software security testing coverage and bug discovery.

Tizen Security Compliance

Maps security requirements to implementation and coordinates compliance against international standards for Tizen and IoT applications.

Fuzzing Dictionary Generator

Enhances security testing performance by building specialized dictionaries of magic values and syntax tokens for coverage-guided fuzzers.

Semgrep Static Analysis

Performs high-speed static analysis and security scanning to identify vulnerabilities and enforce custom code patterns.

Semgrep Rule Creator

Generates custom Semgrep rules to detect security vulnerabilities and logic bugs within source code.

Skill Reviewer

Maintains high quality standards for Claude Code skills through systematic auditing and a comprehensive 10-point quality checklist.

Security Engineer

Implements robust security best practices and protection patterns across the entire application stack.

Token Security Analyzer

Identifies blockchain token security risks, honeypots, and potential rug pulls by analyzing on-chain transaction patterns and liquidity.

WCAG Compliance Checker

Audits web applications for WCAG 2.1 Level AA compliance and provides detailed remediation guidance for accessibility violations.

Sinatra Security Essentials

Hardens Ruby Sinatra applications using industry-standard security patterns for authentication, validation, and protection against common web vulnerabilities.

Web Application Testing

Automates local web application testing and UI debugging using Playwright and integrated server lifecycle management.

clj-kondo Clojure Linter

Analyzes Clojure source code to detect syntax errors, enforce best practices, and implement domain-specific linting rules through custom hooks.

Regex Pattern Builder

Generates, explains, and tests complex regular expression patterns from natural language descriptions for multiple programming languages.

Web App Testing with Playwright

Automates and tests local web applications using the Playwright framework for robust end-to-end validation.

AFL++ Fuzzing

Performs comprehensive binary and source code fuzzing using the AFL++ framework to identify software vulnerabilities.

fnox Secrets Management

Manages encrypted secrets using age encryption and DuckDB-based catalogs within a triadic GF(3) framework.

Property-Based Test Generator

Generates robust property-based tests to uncover edge cases and validate logical invariants across Python, JavaScript, and Haskell projects.

Algorand Vulnerability Scanner

Audits Algorand smart contracts to detect critical security vulnerabilities and logic flaws in TEAL or PyTeal code.

Business Logic Evaluator

Evaluates complex business logic, state machines, and product rule compliance within automated development loops.

Verified Completion Gate

Enforces a strict evidence-based protocol that requires fresh command verification before any coding task is claimed as complete.

Verification & Quality Assurance

Ensures codebase reliability through real-time truth scoring, automated code verification, and an intelligent rollback system.

Polar Integration Validator

Validates and secures Polar.sh billing integrations by checking webhooks, signatures, and environment configurations.

Security Implementation Guide

Implements production-ready security patterns to protect web applications against common vulnerabilities like XSS, CSRF, and SQL injection.