Security & Testing Claude 技能

Semgrep Static Analysis

Performs high-speed static analysis and security scanning to identify vulnerabilities and enforce custom code patterns.

CVE Dependency Audit

Scans project dependencies across multiple programming languages to identify and report known security vulnerabilities and CVEs.

Test-Driven Development Workflow

Guides the Red-Green-Refactor cycle to ensure high-quality, verified code through test-first development.

Address Sanitizer

Detects memory safety vulnerabilities and errors in C and C++ programs using AddressSanitizer instrumentation.

CVE Vulnerability Lookup

Retrieves detailed information about Common Vulnerabilities and Exposures (CVEs) and affected software versions directly within your development environment.

Semgrep Rule Creator

Generates custom Semgrep rules to detect security vulnerabilities and logic bugs within source code.

Validator Role

Implements rigorous software quality assurance, comprehensive test suites, and security-focused code reviews to ensure production-grade standards.

Polar Integration Validator

Validates and secures Polar.sh billing integrations by checking webhooks, signatures, and environment configurations.

Terraform Test Expert

Validates infrastructure-as-code configurations using the native Terraform testing framework and .tftest.hcl patterns.

RSpec Testing Patterns

Implements enterprise-grade RSpec testing patterns for robust Ruby on Rails application development.

Rails Code Quality Gates

Implements a multi-layered validation system for Ruby on Rails using Solargraph, Sorbet, and Rubocop to ensure enterprise-grade code standards.

Sandbox Security

Executes untrusted code and system commands in secure, isolated microVMs to protect the host environment.

RSpec Testing Patterns

Provides comprehensive, enterprise-grade testing patterns and boilerplate for Ruby on Rails applications using RSpec and FactoryBot.

Rails Implementation Safety

Enforces production-grade Ruby on Rails code quality through comprehensive safety checklists covering security, performance, and error handling.

Enterprise Requirements Writing & Gherkin

Standardizes the software development lifecycle by generating testable User Stories and Gherkin scenarios for enterprise Rails applications.

Backend Tests

Guides the creation and maintenance of backend tests according to established coding standards and best practices.

Coverport Integration

Integrates the `coverport` tool into Go repositories to collect and upload end-to-end test coverage data to Codecov via Tekton pipelines.

TUnit Test Runner

Executes and manages TUnit tests with Playwright integration to verify Blazor component functionality and accessibility.

Testing Infrastructure

Implements comprehensive testing infrastructure and patterns for monorepos using Vitest, React Testing Library, and Storybook.

Autonomous Bug Diagnosis & Root Cause Analysis

Automates structured debugging workflows and root cause analysis using evidence-based protocols and comprehensive verification.

Security Engineer

Implements robust security best practices and protection patterns across the entire application stack.

Scale Game Problem Solving

Validates architectural decisions by simulating extreme scaling scenarios to identify hidden bottlenecks and system failures.

clj-kondo Clojure Linter

Analyzes Clojure source code to detect syntax errors, enforce best practices, and implement domain-specific linting rules through custom hooks.

GDPR Auditor

Analyzes codebases and system documentation to identify GDPR compliance gaps, data protection risks, and privacy policy inconsistencies.

Automated Code Fixer

Automatically identifies and resolves code issues across test suites, linting reports, type-checkers, and security scanners.

Theater Code Detection

Identifies non-functional code that appears complete but lacks operational logic to ensure production reliability.

Quality Gates

Implements multi-level quality verification procedures to ensure code security, performance, and production readiness.

Playwright E2E Testing

Enforces standardized end-to-end testing workflows using Playwright with custom fixtures and Page Object Models.

Verification & Quality Assurance

Ensures codebase reliability through real-time truth scoring, automated code verification, and an intelligent rollback system.

Root Cause Tracing

Systematically traces software bugs backward through the call stack to identify and resolve original triggers at their source.