Security & Testing Claude 技能

Visual Regression Testing

Automates the end-to-end setup of visual regression testing for frontend components using Storybook and CI/CD pipelines.

Systematic Debugging

Enforces a rigorous four-phase root cause analysis process to identify and resolve software bugs before any code changes are proposed.

Testing Management

Provides standardized commands and patterns for executing unit, component, and end-to-end tests across Oak AI project packages.

Security Initialization

Automatically configures Claude Code security permissions by detecting project technologies and blocking access to sensitive files and build artifacts.

OWASP Top 10 Security Auditor

Audit and secure codebases against the most critical web application security risks using industry-standard mitigation patterns.

Security Audit & OWASP Compliance

Performs deep security analysis of codebases to identify vulnerabilities, OWASP Top 10 risks, and insecure architectural patterns.

Condition-Based Waiting

Eliminates flaky tests and race conditions by replacing arbitrary timeouts with smart, deterministic condition polling.

Testing Anti-Patterns

Enforces high-quality testing standards by identifying and preventing common pitfalls like mock-testing and production code pollution.

Defense-in-Depth Validation

Ensures application reliability by implementing multi-layered validation patterns that make structural bugs and data corruption impossible to reproduce.

PRD Validator & Quality Check

Validates product requirement documents against structural standards and historical project lessons to ensure high-quality coding stories.

Systematic Debugging

Enforces a rigorous, four-phase debugging methodology to identify root causes and ensure reliable software fixes without guesswork.

Subagent Skill Testing

Validates and stress-tests AI skill documentation using a TDD-inspired Red-Green-Refactor cycle to ensure agent compliance under pressure.

Preflight Code Quality Checker

Automatically discovers and executes comprehensive code quality checks including linting, type checking, security audits, and testing across multiple programming ecosystems.

Accessibility Auditor

Conducts comprehensive WCAG compliance audits and identifies inclusive design barriers across codebases and live URLs.

Test Standards Enforcer

Enforces modern testing best practices and quality gates by validating patterns, naming, and coverage thresholds.

Test Data Management

Simplifies the creation and maintenance of robust test datasets through factories, fixtures, and automated seeding strategies.

Test Execution & Analysis

Executes comprehensive test suites across backend and frontend environments with automated failure analysis and coverage reporting.

Unit Testing Patterns

Implements robust unit testing patterns and best practices for TypeScript and Python using the AAA pattern and optimized fixtures.

Modern Authentication Patterns

Implements production-ready authentication and authorization workflows using modern security standards like OAuth 2.1, Passkeys, and Argon2id.

LLM Safety Patterns

Implements production-grade security patterns for LLM integrations to defend against prompt injection and prevent hallucinations.

Web Dependency Security Scanner

Scans deployed websites to identify outdated frontend libraries, CMS vulnerabilities, and missing security headers without requiring source code access.

Security Scanning

Automates vulnerability detection for dependencies, source code, and containers using industry-standard security tools.

AI Defense-in-Depth

Implements a robust 8-layer security architecture to harden AI pipelines and protect LLM integrations from end-to-end.

Webapp Testing & Playwright Automation

Automates end-to-end web testing using Playwright's autonomous agents for planning, generating, and self-healing tests.

Input Validation & Sanitization

Implements secure input validation and sanitization patterns using Zod and Pydantic to prevent injection attacks and ensure data integrity.

MSW API Mocking

Intercepts and mocks network requests using Mock Service Worker 2.x to create deterministic frontend tests for REST, GraphQL, and WebSockets.

Integration Testing Patterns

Implements robust integration testing patterns for APIs, databases, and complex component interactions across modern tech stacks.

VCR.py HTTP Recording

Records and replays HTTP interactions for Python tests to create deterministic, network-independent, and cost-effective test environments.

Evidence Verification

Verifies development tasks and code changes by collecting verifiable proof including test results, build outputs, and exit codes.

AI & LLM Testing Patterns

Implements deterministic testing patterns for AI applications using DeepEval, RAGAS, and advanced mocking strategies.