Security & Testing Claude 技能

Test-Driven Development (TDD)

Enforces a rigorous test-first workflow to ensure production code is reliable, verified, and free of regressions.

Systematic Debugging Framework

Implements a rigorous four-phase framework to identify root causes and eliminate bugs through scientific investigation rather than trial and error.

Root Cause Tracing

Systematically traces bugs backward through the call stack to identify and fix the original trigger rather than just the symptom.

PHP Xdebug MCP

Provides non-invasive PHP debugging, profiling, and execution tracing tools powered by Xdebug.

Semantic Code Search

Performs natural language semantic searches across codebases to find functionality based on meaning rather than literal text matches.

Bug Hunters Systematic Auditor

Executes systematic bug hunting through spec reconstruction and adversarial validation to identify high-confidence logic and language-specific flaws.

PRD Validator & Quality Check

Validates product requirement documents against structural standards and historical project lessons to ensure high-quality coding stories.

Security Audit & OWASP Compliance

Performs deep security analysis of codebases to identify vulnerabilities, OWASP Top 10 risks, and insecure architectural patterns.

Testing Management

Provides standardized commands and patterns for executing unit, component, and end-to-end tests across Oak AI project packages.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure high-quality, bug-free production code through test-first implementation.

Verification Before Completion

Enforces rigorous evidence-based validation before any task completion claims, commits, or pull requests.

Frontend Component Testing

Automates the generation of comprehensive unit, snapshot, and interaction tests for React and Vue components using React Testing Library.

Backend Test Generator

Automates the creation of comprehensive backend unit and integration tests with mocks and fixtures.

Preflight Code Quality Checker

Automatically discovers and executes comprehensive code quality checks including linting, type checking, security audits, and testing across multiple programming ecosystems.

Visual Regression Testing

Automates the end-to-end setup of visual regression testing for frontend components using Storybook and CI/CD pipelines.

Systematic Debugging

Enforces a rigorous four-phase root cause analysis process to identify and resolve software bugs before any code changes are proposed.

OWASP Top 10 Security Auditor

Audit and secure codebases against the most critical web application security risks using industry-standard mitigation patterns.

Subagent Skill Testing

Validates and stress-tests AI skill documentation using a TDD-inspired Red-Green-Refactor cycle to ensure agent compliance under pressure.

Condition-Based Waiting

Eliminates flaky tests and race conditions by replacing arbitrary timeouts with smart, deterministic condition polling.

Testing Anti-Patterns

Enforces high-quality testing standards by identifying and preventing common pitfalls like mock-testing and production code pollution.

Systematic Debugging

Enforces a rigorous, four-phase debugging methodology to identify root causes and ensure reliable software fixes without guesswork.

Defense-in-Depth Validation

Ensures application reliability by implementing multi-layered validation patterns that make structural bugs and data corruption impossible to reproduce.

Test Standards Enforcer

Enforces modern testing best practices and quality gates by validating patterns, naming, and coverage thresholds.

Test Execution & Analysis

Executes comprehensive test suites across backend and frontend environments with automated failure analysis and coverage reporting.

Test Data Management

Simplifies the creation and maintenance of robust test datasets through factories, fixtures, and automated seeding strategies.

Unit Testing Patterns

Implements robust unit testing patterns and best practices for TypeScript and Python using the AAA pattern and optimized fixtures.

LLM Safety Patterns

Implements production-grade security patterns for LLM integrations to defend against prompt injection and prevent hallucinations.

Security Scanning

Automates vulnerability detection for dependencies, source code, and containers using industry-standard security tools.

AI Defense-in-Depth

Implements a robust 8-layer security architecture to harden AI pipelines and protect LLM integrations from end-to-end.

MSW API Mocking

Intercepts and mocks network requests using Mock Service Worker 2.x to create deterministic frontend tests for REST, GraphQL, and WebSockets.