Security & Testing Claude 技能

Heap Spray Exploitation Analysis

Detects and analyzes heap spray attacks in memory dumps by identifying NOP sled patterns and suspicious memory allocations using Volatility3.

OAuth Security Assessment

Identifies and tests for OAuth 2.0 and OpenID Connect vulnerabilities including redirect URI manipulation and token leakage.

API Injection Security Tester

Tests and identifies critical injection vulnerabilities in APIs, covering SQL, NoSQL, SSRF, and command injection vectors.

Network Packet Analysis & Forensics

Performs deep packet inspection and forensic analysis of network traffic to identify security threats, data exfiltration, and malicious communications.

Patch Management Workflow Implementation

Streamlines the systematic process of identifying, testing, and deploying software updates to remediate vulnerabilities across IT infrastructure.

Network Threat Hunting

Detects and analyzes anomalous network connections to identify potential command-and-control activity and data exfiltration.

Attack Surface Management & EASM

Implements comprehensive external attack surface management to discover, fingerprint, and score the risk of internet-facing assets.

Authenticated Vulnerability Scanning

Performs deep-inspection security assessments using system credentials to identify patches, configurations, and hidden vulnerabilities.

GraphQL Security Auditor

Performs automated GraphQL schema extraction and vulnerability assessments to secure API endpoints against common attack vectors.

Ransomware Network Indicator Analysis

Detects and analyzes ransomware activity within network logs by identifying C2 beaconing, TOR connections, and data exfiltration patterns.

Container Escape Detection with Falco

Monitors and detects unauthorized container escape attempts in real-time using Falco runtime security rules and syscall analysis.

Serverless Function Security Hardening

Secures serverless compute platforms by implementing least-privilege IAM roles, secrets management, dependency scanning, and runtime monitoring.

AWS Config Compliance Implementation

Automates the deployment and management of AWS Config rules to ensure continuous resource compliance with CIS and PCI DSS frameworks.

Safe Skill Install

Secures your AI development environment by performing automated supply chain security scans on Claude Code skills before installation.

Go Code Coverage

Analyzes and reports test coverage for Go projects to identify testing gaps and ensure software reliability.

Temporal Security Configuration

Secures Temporal clusters using mTLS, role-based access control (RBAC), and network isolation policies.

Temporal Testing Strategies

Provides standardized implementation patterns and guidance for testing Temporal workflows, activities, and Nexus operations using the Go SDK.

Temporal Security Configuration

Secures Temporal clusters through mTLS, role-based access control, and network policy implementations.

BayesFlow Testing Suite

Standardizes the testing process for BayesFlow extensions by implementing best practices for Keras backends, shape verification, and simulation mocks.

Test-Driven Development (TDD) Mastery

Enforces a strict Red-Green-Refactor workflow to ensure all production code is verified by failing tests before implementation.

Rigorous Task Verification

Enforces evidence-based reporting by requiring fresh command execution and output validation before any task is marked as complete.

Test-Driven Development (TDD) Mastery

Enforces a strict Red-Green-Refactor cycle to ensure code reliability and eliminate technical debt through test-first implementation.

Systematic Debugging

Implements a rigorous, four-phase debugging framework to identify root causes and prevent regressions before applying code fixes.

Systematic Debugging

Implements a rigorous, four-phase methodology to identify root causes and eliminate software bugs without trial-and-error thrashing.

Verification Before Completion

Enforces a strict evidence-based protocol for verifying code changes and task completion before making success claims.

Clerk Security Hardening

Secures Clerk authentication implementations by enforcing best practices for environment variables, middleware, and webhook verification.

E2E Testing Specialist

Automates the creation, maintenance, and execution of comprehensive end-to-end testing suites to ensure robust web application performance.

Aegis Multi-Tenancy Enforcer

Enforces strict data isolation by ensuring every MongoDB query and service method includes a verified tenant identifier.

Linear API Security & OAuth

Hardens Linear integrations by implementing secure API key management, OAuth 2.0 flows, and timing-safe webhook verification.

Web Application Testing Toolkit

Automates end-to-end web application testing using Playwright with integrated server lifecycle management and UI debugging tools.