Security & Testing Claude 技能

Integration Testing Patterns

Implements robust integration testing patterns for APIs, databases, and complex component interactions across modern tech stacks.

Evidence Verification

Verifies development tasks and code changes by collecting verifiable proof including test results, build outputs, and exit codes.

VCR.py HTTP Recording

Records and replays HTTP interactions for Python tests to create deterministic, network-independent, and cost-effective test environments.

AI & LLM Testing Patterns

Implements deterministic testing patterns for AI applications using DeepEval, RAGAS, and advanced mocking strategies.

Golden Dataset Curator

Curates and validates high-quality documents for golden datasets using a multi-agent evaluation workflow.

Webapp Testing & Playwright Automation

Automates end-to-end web testing using Playwright's autonomous agents for planning, generating, and self-healing tests.

Accessibility Auditor

Conducts comprehensive WCAG compliance audits and identifies inclusive design barriers across codebases and live URLs.

Prow Job Test Failure Analyzer

Streamlines CI/CD debugging by automatically analyzing Prow test failures through log inspection, artifact scanning, and cluster event correlation.

Security Initialization

Automatically configures Claude Code security permissions by detecting project technologies and blocking access to sensitive files and build artifacts.

Community Escalation Framework

Standardizes community incident management through tiered response protocols, stakeholder mapping, and cross-functional coordination.

Systematic Debugging Framework

Implements a rigorous four-phase framework to identify root causes and eliminate bugs through scientific investigation rather than trial and error.

Test-Driven Development (TDD)

Enforces a rigorous test-first workflow to ensure production code is reliable, verified, and free of regressions.

PR Readiness & Verification

Enforces rigorous, evidence-based verification protocols to ensure code is fully tested and functional before making completion claims or creating pull requests.

Root Cause Tracing

Systematically traces bugs backward through the call stack to identify and fix the original trigger rather than just the symptom.

Security Audit & OWASP Compliance

Performs deep security analysis of codebases to identify vulnerabilities, OWASP Top 10 risks, and insecure architectural patterns.

Playwright E2E Debugger

Debugs and fixes Playwright end-to-end tests for browser extensions while minimizing flakiness in dynamic environments.

Litestar Vite Testing

Streamlines the creation of high-quality unit and integration tests for Litestar-Vite integrations using pytest and Vitest.

Gateflow SystemVerilog Lint

Lints SystemVerilog code using Verilator to identify design errors, warnings, and performance bottlenecks with structured feedback.

SystemVerilog Testbench Best Practices

Implements professional-grade SystemVerilog verification patterns and layered testbench architectures for robust RTL validation.

GateFlow Verilator Lint Summary

Simplifies SystemVerilog development by converting complex Verilator lint and simulation outputs into actionable, readable reports.

GF Sim (SystemVerilog Simulator)

Compiles and executes SystemVerilog simulations using Verilator with automated file classification and structured result reporting.

Zigbee ZUTH Test Harness

Streamlines the setup, configuration, and execution of Zigbee Unified Test Harness (ZUTH) for official device certification testing.

SDLC Layer Auditor

Validates and repairs SDLC Layer Separation Architecture implementations through automated cross-referencing and metadata checks.

Code Reviewer & Security Auditor

Conducts comprehensive code reviews focusing on security vulnerabilities, performance bottlenecks, and architectural best practices.

Extension Debugger

Debugs and resolves issues within Chrome and Firefox extensions by inspecting content scripts, popups, and service workers.

Quality Gates

Automates repository quality checks including linting, multi-browser builds, and E2E testing for browser extensions.

Shadow Testing

Creates isolated container environments to test local, uncommitted code changes across multiple repositories before pushing to CI.

ArifOS Web Search Grounding

Verifies AI-generated claims against authoritative external sources using a multi-tier constitutional consensus framework.

Playwright E2E Testing

Automates robust end-to-end testing using Playwright 1.57+ with AI-assisted test generation and self-healing capabilities.

Security Guardian

Audits source code for vulnerabilities and provides expert guidance on implementing secure application patterns and remediation strategies.