Security & Testing Claude 技能

Secure Credential Storage

Implements secure patterns for managing and rotating GitHub App credentials across diverse CI/CD and infrastructure environments.

Kubernetes RBAC Security Templates

Secures Kubernetes clusters by enforcing OPA-based RBAC policies that prevent privilege escalation and wildcard permissions.

Groq Enterprise RBAC & SSO

Configures enterprise-grade access control, SSO integration, and organization management for Groq environments.

Secure Environment Protection Patterns

Implements robust deployment protection for GitHub Actions using environment approval gates, wait timers, and branch-specific policies.

OPA Policy Templates for Kubernetes

Implements 20 production-ready OPA Gatekeeper constraint templates for Kubernetes admission control and resource governance.

CLI Testing Strategies

Implements a comprehensive testing pyramid for CLI applications using standardized unit, integration, and E2E patterns.

GitHub Runner Security Overview

Analyzes threat models and secure deployment patterns for self-hosted GitHub Actions runners to prevent infrastructure compromise.

SDLC Security Implementation Roadmap

Guides a 90-day phased rollout of secure software development lifecycle controls and automated enforcement patterns.

Kyverno Policy Templates

Simplifies Kubernetes security and compliance by providing 28 production-ready Kyverno policy templates for admission control.

GitHub Actions Trigger Security

Secures GitHub Actions workflows by implementing safe trigger patterns for pull requests and forks to prevent privilege escalation and secret exfiltration.

Chaos Experiment Design

Guides the creation of structured chaos engineering experiments by defining hypotheses, success criteria, and blast radius controls.

Secure Secret Management for GitHub Actions

Implements secure credential management, storage hierarchies, and OIDC authentication patterns within GitHub Actions workflows.

GitHub Secret Scanning Integration

Automates the configuration of GitHub secret scanning and push protection to prevent sensitive credential leaks in development workflows.

OPA Kubernetes Pod Security Templates

Enforces Kubernetes security policies using OPA to prevent privileged container execution and restrict dangerous Linux capabilities.

GKE Security Hardening Guide

Implements production-grade security controls for Google Kubernetes Engine using Pulumi and defense-in-depth patterns.

Kyverno Pod Security Templates

Enforces Kubernetes Pod Security Standards and privilege restrictions using Kyverno policies to secure containerized workloads.

Policy-as-Code Template Library

Deploys production-ready security and governance policies for Kubernetes using Kyverno and OPA Gatekeeper.

Kubernetes Secure-by-Design Patterns

Implements secure-by-design architecture patterns for Kubernetes environments using zero-trust and defense-in-depth principles.

Multi-Source Policy Aggregator

Aggregates distributed Kyverno policies into a unified enforcement layer using multi-stage OCI container builds.

GitHub Token Permissions Security

Implements least-privilege security for GitHub Actions by configuring explicit GITHUB_TOKEN permissions and reducing attack surfaces.

GitHub Actions Security Cheat Sheet

Secures CI/CD pipelines with copy-pasteable patterns for SHA pinning, token permissions, and workflow hardening.

Clerk Security Basics

Implements enterprise-grade security best practices and hardening for Clerk authentication in Next.js applications.

Exa Load & Scale

Optimizes Exa API integrations through automated load testing, Kubernetes auto-scaling configurations, and capacity planning strategies.

Clerk Session & Middleware Workflow

Secures Next.js applications by implementing Clerk-based session management, advanced middleware route protection, and JWT token refresh logic.

Branch Protection Enforcement

Implements automated GitHub branch protection patterns and drift detection to ensure robust organizational security compliance.

GitHub Actions Security Hub

Implements hardened security patterns for GitHub Actions workflows, including SHA pinning, least-privilege permissions, and OIDC federation.

Intent-Based Spec Tests

Implements natural language specification testing using Claude as a judge to ensure code aligns with business intent and user requirements.

Perplexity Policy & Guardrails

Implements automated linting, security guardrails, and policy enforcement for Perplexity AI integrations.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all implementation work is verified by failing tests before production code is written.

CORS Policy Validator

Ensures secure web communications by validating and configuring Cross-Origin Resource Sharing (CORS) policies according to industry standards.