Testing & Security

Assess and enhance software projects for enterprise-grade security, quality, and automation. Use when evaluating projects for production readiness, implementing supply chain security (SLSA, signing, SBOMs), hardening CI/CD pipelines, or establishing quality gates. Aligned with OpenSSF Scorecard, Best Practices Badge (all levels), SLSA, and S2C2F. By Netresearch.

Analyze test coverage and add new test cases to improve coverage without changing implementation

Guide for implementing MongoDB - a document database platform with CRUD operations, aggregation pipelines, indexing, replication, sharding, search capabilities, and comprehensive security. Use when working with MongoDB databases, designing schemas, writing queries, optimizing performance, configuring deployments (Atlas/self-managed/Kubernetes), implementing security, or integrating with applications through 15+ official drivers. (project)

Complete knowledge domain for Cloudflare Browser Rendering - Headless Chrome automation with Puppeteer and Playwright on Cloudflare Workers for screenshots, PDFs, web scraping, and browser automation workflows. Use when: taking screenshots, generating PDFs from HTML or URLs, web scraping content, crawling websites, browser automation tasks, testing web applications, managing browser sessions, performing batch browser operations, integrating with AI for content extraction, or encountering browser rendering errors, XPath selector errors, browser timeout issues, concurrency limits, memory exceeded errors, or "Cannot read properties of undefined (reading 'fetch')" errors. Keywords: browser rendering cloudflare, @cloudflare/puppeteer, @cloudflare/playwright, puppeteer workers, playwright workers, screenshot cloudflare, pdf generation workers, web scraping cloudflare, headless chrome workers, browser automation, puppeteer.launch, playwright.chromium.launch, browser binding, session management, puppeteer.sessions, puppeteer.connect, browser.close, browser.disconnect, XPath not supported, browser timeout, concurrency limit, keep_alive, page.screenshot, page.pdf, page.goto, page.evaluate, incognito context, session reuse, batch scraping, crawling websites

Publishes hdwallet packages locally to verdaccio and updates them in the web repo. Use when you need to publish hdwallet locally, publish to verdaccio, run the verdaccio publish pipeline, or test hdwallet changes locally.

Use this skill whenever the user wants to set up, refactor, or maintain a GitHub Actions CI/CD pipeline for deploying Cloudflare Workers/Pages apps (e.g. Hono + TypeScript) with D1/R2, including tests, build, migrations, and multi-environment deploys.

CDI and Quarkus development standards for CUI projects, including CDI aspects, container configuration, testing, and native optimization

Comprehensive QA and testing skill for quality assurance, test automation, and testing strategies for ReactJS, NextJS, NodeJS applications. Includes test suite generation, coverage analysis, E2E testing setup, and quality metrics. Use when designing test strategies, writing test cases, implementing test automation, performing manual testing, or analyzing test coverage.

Test Zod schemas comprehensively with unit tests, integration tests, and type tests for validation logic

Code review mode - comprehensive review with security, performance, and maintainability focus

Test TUI (Text User Interface) applications using tmux. Use this skill when you need to automate testing of terminal-based applications by sending keystrokes and capturing pane output.

Use when reviewing test suites, after test runs pass, or when user asks about test quality - performs exhaustive line-by-line audit tracing code paths through entire program, verifying tests actually validate what they claim. Outputs structured report compatible with fix-tests skill.

Setup UI Automator 2.4 smoke test for validating app launches (works with debug and release builds)

Package entire code repositories into single AI-friendly files using Repomix. Capabilities include pack codebases with customizable include/exclude patterns, generate multiple output formats (XML, Markdown, plain text), preserve file structure and context, optimize for AI consumption with token counting, filter by file types and directories, add custom headers and summaries. Use when packaging codebases for AI analysis, creating repository snapshots for LLM context, analyzing third-party libraries, preparing for security audits, generating documentation context, or evaluating unfamiliar codebases.

Multi-agent orchestration system sử dụng Claude subagents thực tế từ thư mục agents/ cho security reviews, code quality analysis, deployment validation, infrastructure checks. Auto-activates với orchestrator-worker pattern và extended thinking mode.

Scaffold a native-looking, effective Electron app with best practices baked in. Creates a production-ready Electron application with security hardening, modern tooling, proper IPC patterns, auto-updates, native UI elements, and optimal build configuration. Use this skill when users want to start a new Electron project or modernize an existing one.

Design and implement end-to-end type-safe APIs using tRPC with proper router organization, procedure definitions, input validation with Zod schemas, context management, and middleware. Use this skill when creating or modifying tRPC router files like server/routers/*.ts, src/server/api/routers/*.ts, *.router.ts, or any files containing tRPC procedure definitions, queries, and mutations. Use this when defining tRPC routers with .query() for read operations and .mutation() for write operations, implementing input validation using Zod schemas with .input(z.object({...})) for type-safe runtime validation of all procedure parameters, creating and organizing reusable sub-routers by feature or domain (user router, post router, comment router) and composing them into a main app router using mergeRouters or router nesting, setting up tRPC context in createContext functions to provide request-scoped data like user sessions, database connections, or authentication state to all procedures, implementing tRPC middleware wit

Use when scaffolding, auditing, or validating Prisma database packages in MetaSaver monorepos. Covers package structure, Prisma schema setup, database client initialization, and seed scripts. File types: .prisma, .ts, package.json.

Generates Husky Git hooks configuration with pre-commit checks. Creates .husky/pre-commit file for running linting, testing, and formatting before commits.

Use when you need to plan technical solutions that are scalable, secure, and maintainable.