Security & Testing Claude 技能

Security Audit Scanner

Automates comprehensive security audits, vulnerability scanning, and secret detection for complex multi-service architectures.

Privilege Escalation Security Auditor

Identifies authorization vulnerabilities and privilege escalation paths within your source code using the STRIDE threat modeling framework.

Smart Test Fixer

Systematically identifies, groups, and resolves failing tests to restore codebase stability and achieve a green test suite.

Secrets Management for CI/CD

Implements secure handling, storage, and rotation of sensitive credentials across major CI/CD platforms and cloud providers.

Solidity Smart Contract Security

Implements secure smart contract development patterns and identifies critical vulnerabilities in Solidity code to ensure robust blockchain applications.

SAST Configuration & Security Scanning

Configures and automates Static Application Security Testing (SAST) tools for comprehensive vulnerability detection in application code.

Python Testing Patterns

Implements comprehensive Python testing strategies using pytest, fixtures, mocking, and test-driven development best practices.

Web3 Smart Contract Testing

Implements comprehensive smart contract testing suites using Hardhat and Foundry to ensure blockchain security and gas efficiency.

Root Cause Tracing

Systematically traces bugs through call stacks to identify and fix the original source of errors rather than just their symptoms.

Comprehensive Codebase Audit

Performs multi-dimensional codebase reviews using specialized AI agents to identify security, performance, and architectural issues.

AppSec Configuration Manager

Manages persistent security preferences, tool thresholds, and scan exclusions for integrated application security workflows.

Serverless Security Audit

Analyzes serverless applications for security vulnerabilities including overprivileged IAM policies, event injection, and insecure configuration.

PASTA Vulnerability Analysis

Identifies security weaknesses and maps vulnerabilities to CWE identifiers using the PASTA threat modeling methodology.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all production code is verified by failing tests first.

Linkability & Privacy Analysis

Analyzes source code to identify and mitigate linkability threats where user data can be correlated across services, sessions, or contexts.

Privacy Detectability & Side-Channel Analyst

Analyzes source code for detectability threats and timing side channels to prevent unauthorized inference of system interactions.

Bash Automated Testing (Bats)

Master the Bash Automated Testing System (Bats) to create robust, production-grade unit tests for shell scripts and CI/CD pipelines.

Security Assessment Tools

Performs comprehensive security audits, network reconnaissance, and vulnerability management directly from the command line using Shodan, OSV, and KEV integrations.

Web Application Testing

Automates end-to-end testing and UI debugging for local web applications using Playwright and managed server lifecycles.

Attack Surface Mapping

Maps and inventories every application entry point to identify potential security exposure and undocumented interfaces.

AppSec Learn

Teaches application security through interactive, guided walkthroughs using your own codebase as the primary teaching material.

Kubernetes Security Policies

Implements production-grade Kubernetes security policies including NetworkPolicy, RBAC, and Pod Security Standards to ensure cluster-wide defense-in-depth.

AppSec Full Audit

Conducts exhaustive, multi-framework security audits and generates comprehensive, compliance-ready reports.

Systematic Debugging

Enforces a rigorous four-phase framework to identify root causes and eliminate guess-and-check thrashing during the software debugging process.

Identity Spoofing Security Analysis

Analyzes source code to identify and remediate identity spoofing vulnerabilities and authentication weaknesses based on the STRIDE threat model.

JavaScript Testing Patterns

Implement robust testing strategies for JavaScript and TypeScript applications using modern frameworks like Jest and Vitest.

WebSocket Security Auditor

Analyzes WebSocket implementations for security vulnerabilities like CSWSH, missing authentication, and inadequate message validation.

PASTA Application Decomposition

Analyzes application architecture to identify components, trust boundaries, and data sensitivity for formal threat modeling.

Security Misconfiguration Auditor

Audits application and infrastructure configurations to identify and remediate security vulnerabilities based on OWASP standards.

AppSec Security Dashboard

Visualizes the current security posture of a project by aggregating scan results and tracking code changes since the last audit.