Testing & Security

Build and run the Nomos Terraform Remote State Provider. Use this when testing the provider, verifying functionality, or running the provider binary locally.

This skill should be used when developing backend services for Manjha using Encore.ts, implementing agents, writing E2E tests, or working with the message-driven architecture. It ensures adherence to TDD practices, type safety, proper logging, and Manjha's development principles.

Generate new Node.js CLI tool projects using TypeScript with ESM modules, tsc for building, tsx for development, Biome for linting/formatting, and Node's built-in test runner. Use this skill when the user requests to create a new Node TypeScript CLI project or CLI tool.

Analyze git diff to identify code changes requiring documentation updates. Categorizes changes (database/schema, API endpoints, components, configuration, authentication) and suggests relevant documentation files to review. Use when: (1) After making code changes, (2) Before committing significant changes, (3) When adding new features or modifying APIs, (4) During PR preparation, (5) When working with database schemas, API routes, components, or configuration files, (6) To ensure documentation stays synchronized with code changes, (7) For documentation sync and maintenance, or (8) For pre-commit documentation checks. Triggers: check docs, docs check, documentation check, update docs, sync documentation, what docs need updating, check if docs are up to date, after code changes, before committing.

Use this skill when writing Ruby code following the RuboCop Community Ruby Style Guide. Provides comprehensive guidance on idiomatic Ruby patterns, method design, class structure, collections, strings, exceptions, and testing. Covers Sandi Metz rules, duck typing, metaprogramming guidelines, and RuboCop enforcement. Appropriate for any task involving .rb files, Ruby code reviews, refactoring, Rails development, or implementing Ruby best practices.

Wrap third-party libraries for testability and replaceability. Use when integrating external APIs, creating testable code, or building swappable implementations.

Identify vulnerability class, analyze root cause, and plan exploitation strategy.

Use when Clawdis needs to test or operate GoHome (Home Assistant clone) via gRPC discovery, metrics, and Grafana.

Creates Playwright test scripts from natural language user flow descriptions. This skill should be used when generating E2E tests from scenarios, converting user stories to test code, recording user flows, creating test scripts from descriptions like "user signs up and creates project", or translating acceptance criteria into executable tests. Trigger terms include playwright test, e2e flow, user scenario, test from description, record flow, user journey, test script generation, acceptance test, behavior test, user story test.

セキュリティ監査と脆弱性対策を支援します。OWASP Top 10に基づく包括的な脆弱性チェック、コード分析、リスク評価を提供します。セキュリティ脆弱性の特定、コンプライアンス確認、セキュアコーディング実装が必要な場合に使用してください。

Expert on Shelby Protocol smart contracts on Aptos blockchain. Helps with blob metadata, micropayment channels, auditing system, storage commitments, placement group assignments, Move modules, and on-chain state management. Triggers on keywords Shelby smart contract, Shelby Move, blob metadata, micropayment channel, Shelby auditing, placement group assignment, storage commitment, Aptos contract.

Write meaningful code comments that explain WHY rather than WHAT, focusing on business logic, non-obvious solutions, workarounds, and complex algorithms while keeping code self-documenting. Use this skill when adding comments to explain rationale, documenting complex business logic, explaining workarounds or temporary solutions, describing performance optimizations, writing function documentation (JSDoc, docstrings, XML docs), or reviewing code for appropriate commenting. Apply when working on any code file that contains logic requiring explanation, public API functions, complex algorithms, security-critical code, or architectural decisions. This skill ensures comments explain rationale not implementation (WHY not WHAT), self-documenting code through clear naming (refactor unclear code instead of commenting), concise and evergreen comments (no who/when dated comments - Git tracks this), links to external resources for context, proper function documentation format (JSDoc for TS/JS, docstrings for Python, XML d

Master MongoDB authentication methods including SCRAM, X.509 certificates, LDAP, and Kerberos. Learn user creation, role assignment, and securing MongoDB deployments.

Validate markdown documentation against meta-agentic best practices. Use when validating skills, commands, checking broken links, validating frontmatter, auditing documentation structure, or running compliance checks.

Writes tests using Vitest and Testing Library. Use when creating unit tests, API tests, component tests, or mocking Firebase/external services. Includes test patterns, assertions, and coverage targets.

Use when user wants to add a new sensor to the Enviro+ monitoring system, or asks to monitor a new data point. Guides through importing libraries, initialization, reading sensor values, publishing to Adafruit IO and Home Assistant, updating documentation, testing, and rate limit verification.

Write tests that verify spec acceptance criteria and requirements. Maps each AC to specific test cases, follows AAA pattern, ensures deterministic isolated tests. Use in parallel with implementation or after.

Container strategies for .NET libraries and test environments. Use when working with Docker test environments, container-based integration testing, or NuGet package container builds. Not typically for production deployment of libraries.

Run tests with Jest, Vitest, or Playwright, fix failing tests, and generate missing test coverage. Use when user says "run tests", "test this", "fix failing tests", "write tests", or when tests need to be executed or created.

Dependency security scanning. Use when auditing npm packages for vulnerabilities.