Security & Testing Claude 技能

SOC2 Audit & Compliance Helper

Automates evidence gathering and gap analysis to streamline SOC2 audit preparation and security compliance workflows.

Security Audit Reporter

Generates comprehensive security audit reports and vulnerability assessments to improve system security posture.

Completion Verification Gate

Enforces rigorous quality standards by requiring mandatory evidence-based verification and TDD certification before any task is marked complete.

Web Application Testing

Automates local web application testing and UI verification using Playwright for robust frontend debugging and end-to-end testing.

Security Misconfiguration Finder

Audits configuration files and system settings to proactively identify and remediate security vulnerabilities and compliance issues.

Testing Anti-Patterns Prevention

Prevents common testing mistakes like mocking implementation details, polluting production code, and ignoring accessibility requirements.

Senior QA Engineering Toolkit

Implements comprehensive quality assurance strategies, automated test suites, and coverage analysis for modern web applications.

DevSecOps Security Integration

Integrates automated security scanning, secrets management, and policy-as-code directly into the software development lifecycle.

HIPAA Compliance Checker

Audits software projects and infrastructure configurations to identify potential HIPAA compliance vulnerabilities and healthcare data security gaps.

Defense-in-Depth Validation

Implements a multi-layered validation strategy to eliminate data-driven failures and make bugs structurally impossible.

Run the Tests

Automates test execution, failure diagnosis, and infrastructure setup to ensure 100% test pass rates across multiple languages and frameworks.

Penetration Testing & Security Auditing

Automates web application security assessments to identify vulnerabilities and generate comprehensive penetration test reports.

Reviewing Silent Failures

Identifies and mitigates silent failures, swallowed errors, and unhandled exceptions in frontend codebases.

Silent Failure Reviewer

Audits frontend codebases to detect and remediate swallowed exceptions and silent error handling patterns.

Data Privacy Scanner

Scans codebases and configuration files to identify PII leaks, compliance risks, and potential data privacy vulnerabilities.

SQL Injection Security Detector

Scans application source code to identify, analyze, and remediate SQL injection vulnerabilities in database queries.

API Fuzz Tester

Performs automated fuzz testing on REST APIs to identify security vulnerabilities, input validation failures, and unexpected behaviors.

Security Code Review Agent

Conducts comprehensive security audits and vulnerability assessments to identify risks like SQL injection, XSS, and insecure dependencies.

Systematic Debugging

Eliminates guesswork by enforcing a rigorous four-phase framework to identify root causes before implementing any code fixes.

CSRF Protection Validator

Validates web application endpoints for Cross-Site Request Forgery (CSRF) vulnerabilities and security gaps.

Systematic Debugging

Eliminates trial-and-error debugging by enforcing a rigorous, root-cause-first methodology for all technical issues.

Root Cause Tracing

Identifies the origin of deep-seated bugs by systematically tracing errors backward through the call stack to the original trigger point.

Web Application Testing Toolkit

Facilitates end-to-end testing and browser automation for local web applications using Playwright and Python.

Web Application Testing

Automates local web application testing and browser interaction using Playwright and lifecycle management scripts.

SDD Plan Review

Conducts multi-model AI consultations to provide structured feedback and risk assessments for technical specifications before implementation begins.

Kubernetes Security Policies

Implement production-grade Kubernetes security using NetworkPolicies, Pod Security Standards, and RBAC.

SDD Fidelity Review

Evaluates code implementation against specification requirements to identify deviations, assess impact, and ensure architectural alignment.

Spec Validation & Repair

Ensures the structural integrity and consistency of Spec-Driven Development (SDD) JSON files through comprehensive validation and automated fixing.

Run Tests

Executes pytest suites and provides a systematic multi-agent debugging workflow to resolve complex test failures and regressions.

Condition-Based Waiting

Eliminates flaky tests by replacing arbitrary delays with reliable condition-based polling logic.