Security & Testing Claude 技能

Find Bugs & Security Auditor

Performs rigorous security audits and bug detection on local code changes using a structured multi-phase review process.

DeepEval LLM Testing

Implements robust pytest-style evaluation frameworks to measure LLM performance, RAG quality, and output faithfulness.

Promptfoo Config

Streamlines the configuration and execution of promptfoo for rigorous LLM evaluation and regression testing.

Go Architecture Test Manager

Enforces Hexagonal Architecture and DDD constraints by automatically generating and updating Go architecture tests.

React TDD Feature Scaffolder

Generates complete, production-ready React features using a strict Test-Driven Development workflow and feature-based architecture.

Go Hexagonal & DDD Architect

Reviews Go codebases for Hexagonal Architecture compliance and Domain-Driven Design principles using automated tests and AI analysis.

Reverse Engineering

Performs deep binary analysis, decompilation, and vulnerability research using Ghidra, IDA Pro, and radare2 integration.

OSINT Investigator

Conducts structured open-source intelligence gathering and due diligence using a catalog of 279 verified public sources.

OWASP Security Reviewer

Performs automated security audits and OWASP Top 10 compliance checks on pull requests, commits, or entire codebases.

Systematic Bug Fixer

Resolves software defects through automated test-driven reproduction, root cause analysis, and rigorous regression verification.

Dependency Reviewer & Security Auditor

Audits project dependencies for security vulnerabilities, license compliance risks, and version staleness across multiple programming ecosystems.

Test Suite Generator

Generates comprehensive, framework-agnostic test suites with deep coverage analysis and parallel test writing.

Safe Code Refactoring

Refactors complex codebases safely using characterization tests, incremental changes, and automated verification to ensure behavior preservation.

Pentest Checklist

Provides a comprehensive, structured methodology for planning, executing, and remediating penetration testing engagements.

Security Hint

Identifies potential security vulnerabilities and secret exposures in real-time to promote safer development practices.

OpenSpec Change Verifier

Validates that code implementations align perfectly with specifications, tasks, and design documents before archiving changes.

TypeScript Testing Pro

Implements professional TypeScript testing patterns using Jest and Vitest to ensure high-quality, reliable code.

Security Ownership Map & Git Risk Analyzer

Analyzes Git history to map code ownership, identify security risks like low bus factors, and visualize developer-to-file topologies.

SDD Feature Implementer

Guides feature development through a strict Spec Driven Development (SDD) workflow to ensure high test coverage and code quality.

Raven Security Investigate

Conducts rapid, parallel security audits across any codebase to deliver a comprehensive posture assessment and noir-style case file.

Outfitter Stack Code Auditor

Audits TypeScript codebases for Outfitter Stack compliance, ensuring robust error handling, secure pathing, and consistent logging patterns.

Outfitter Compliance Check

Validates codebase compliance with the Outfitter Stack by scanning for anti-patterns and generating actionable severity-ranked reports.

TDD Field Guide

Implements disciplined Red-Green-Refactor cycles for TypeScript and Rust development using standardized TDD methodologies.

Prove It Works (No-Mock Testing)

Validates features end-to-end using real dependencies and zero mocks to ensure production-grade reliability.

Django Security Hardening

Implements production-ready security configurations and hardening patterns for Django web applications.

Go Test Scaffold Generator

Automates the creation of table-driven Go test suites following oastools conventions and testify patterns.

SonarCloud Technical Debt Manager

Syncs, reports, and resolves SonarCloud code quality issues within your Technical Debt Management System.

Safe Rust API Designer

Guides the creation of sound, safe public APIs that wrap unsafe Rust code using industry-standard memory safety and pointer handling patterns.

Accessibility & Content Auditor

Performs comprehensive WCAG 2.1 accessibility audits and AI content safety evaluations for web pages and conversational interfaces.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all production code is verified by failing tests before implementation.