Testing & Security

Create and manage OSCAL component definitions for reusable security control implementations. Inspired by CivicActions components and community patterns. Use for building component libraries and shared control implementations.

Develop Python applications using modern patterns, uv, and functional-first design. Activate when working with .py files, pyproject.toml, uv commands, or user mentions Python, itertools, functools, pytest, mypy, ruff, async, or functional programming patterns.

Expert skill for implementing JWT-based authentication in FastAPI applications. Handles token generation, verification, user authentication, protected routes, and security best practices. Includes setup for password hashing, OAuth2 schemes, and user data isolation. Use when implementing JWT authentication in FastAPI applications, securing API endpoints with token-based authentication, or implementing user registration and login functionality.

30 pragmatic rules for production JavaScript covering async operations, V8 optimization, memory management, testing, error handling, and performance. Use when writing JavaScript, optimizing performance, handling promises, or building production-grade applications. Includes promise rejection handling, V8 hidden classes, memory leak prevention, and structured testing patterns.

Scans code for security vulnerabilities and suggests fixes. Use when checking for security issues, validating input handling, or performing security audits.

Implement mobile-first responsive designs with fluid layouts, breakpoints, relative units, and touch-friendly interfaces that work across all device sizes. Use this skill when writing or modifying React components (.tsx, .jsx files), when implementing CSS or Tailwind responsive utilities (sm:, md:, lg:, xl: breakpoints), when working on layout components, navigation menus, grid systems, when optimizing for mobile devices, tablets, or desktop screens, when implementing media queries, when ensuring touch-friendly UI elements, or when testing cross-device compatibility.

Use when creating new skills, editing existing skills, or verifying skills work before deployment - applies TDD to process documentation by testing with subagents before writing, iterating until bulletproof against rationalization

Testing patterns for Vercel AI SDK including mock providers, streaming tests, tool calling tests, snapshot testing, and test coverage strategies. Use when implementing tests, creating test suites, mocking AI providers, or when user mentions testing, mocks, test coverage, AI testing, streaming tests, or tool testing.

Systematic UI testing using Playwright for GAO-Dev web interface. Provides patterns for testing layouts, interactions, and visual regressions. Use when testing web interface changes or verifying UI bug fixes.

Tests JavaScript and TypeScript applications with Jest test runner including mocking, snapshot testing, and code coverage. Use when setting up testing, writing unit tests, or when user mentions Jest, test runner, or JavaScript testing.

Repository discovery and development commands for Soracom repos. Use when cloning repos, running builds/tests, or identifying which repos a feature affects.

Find and attach the newest screenshot PNG in ~/temp/screenshots. Use when a user asks to locate, show, or attach the latest screenshot or wants the newest PNG from the screenshots folder.

Use when creating new skills, editing existing skills, or verifying skills work before deployment - applies TDD to process documentation by testing with subagents before writing, iterating until bulletproof against rationalization

Writing Probitas scenarios. MUST BE USED when writing/editing E2E tests, creating scenarios, or working with *.probitas.ts files.

Building and deploying Expo React Native apps to iOS. Use when configuring EAS Build, submitting to TestFlight, App Store deployment, managing certificates, or troubleshooting build issues.

This skill should be used when the user asks to "write specs", "create spec", "add RSpec tests", "fix failing spec", or mentions RSpec, describe blocks, it blocks, expect syntax, test doubles, or matchers. Should also be used when editing *_spec.rb files, working in spec/ directory, planning implementation phases that include tests (TDD/RGRC workflow), writing Testing Strategy or Success Criteria sections, discussing unit or integration tests, or reviewing spec output and test failures. Comprehensive RSpec and FactoryBot reference with best practices, ready-to-use patterns, and examples.

Comprehensive Spring Boot 3.x best practices for building scalable, maintainable enterprise applications with Jakarta EE. Use this skill when creating Spring Boot applications, designing REST APIs, implementing security, writing tests, or architecting Spring Boot projects. Covers Controller-Service-Repository patterns, validation, error handling, testing strategies, performance optimization, and production-ready configurations.

Use when reviewing plugin quality, auditing plugins, analyzing the marketplace, checking plugins against Anthropic standards, or evaluating plugin architecture - provides systematic analysis methodology with validation framework

Nodemon JSON configuration templates and validation logic for development server hot-reload. Includes 5 required standards (watch patterns, exec command, ignore patterns, development settings, required dependencies). Use when creating or auditing nodemon.json files to enable automatic server restart on file changes.

Expert Node.js guidance for fetching and integrating RSS feeds and REST APIs. Use when requests mention Fetch, RSS, API, REST endpoints, Atom feeds, pagination, authentication, rate limits, webhooks, or when building API clients that ingest feed data.