Testing & Security

Prevents 30+ critical AI/ML mistakes including data leakage, evaluation errors, training pitfalls, and deployment issues. Use when working with ML training, testing, model evaluation, or deployment.

Guides strict TDD (red/green/refactor), prioritizing domain unit tests and small steps.

专业安全审计专家，精通漏洞扫描、渗透测试、合规检查和安全代码审查。帮助企业识别和修复安全风险，确保系统和数据的安全性。

Build autonomous end-to-end full-stack testing agents using Claude's Computer Use API, LangGraph orchestration, and hybrid Playwright automation. Use this skill when building testing infrastructure, test automation, CI/CD test integration, or self-healing test systems.

Enterprise Clerk Authentication Platform with AI-powered modern identity architecture, Context7 integration, and intelligent user management orchestration for scalable applications

Comprehensive security vulnerability scanning. Use when checking for OWASP vulnerabilities, scanning for secrets/API keys, auditing dependencies for CVEs, or running pre-commit security checks.

Validate planning documents before implementation begins. Checks ambiguity resolution, prerequisites, and testing methods. Use when: - Before starting implementation of a ticket - User says "validate plan", "check plan", "ready to implement?" - After completing 2-plan.md and 3-spec.md - Before TDD cycle begins

Python async/await patterns with asyncio, concurrent.futures, threading, and multiprocessing. Covers async context managers, timeouts, cancellation, common pitfalls (blocking in async, missing await, event loop issues), and choosing between async/threading/multiprocessing. Use when writing async code, debugging async issues, choosing concurrency approaches, or testing async functions.

Systematic approach to reviewing code for quality, security, and maintainability

Vitest - Modern TypeScript testing framework with Vite-native performance, ESM support, and TypeScript-first design

Parse WCAG accessibility scan reports and combine with personal accessibility testing experiences to generate compelling, evidence-based violation narratives that cite both user impact and technical violations. Generates plain-text complaint narratives suitable for demand letters, legal notices, and accessibility audit reports.

Use when implementing any feature or bugfix, before writing implementation code - write the test first, watch it fail, write minimal code to pass; ensures tests actually verify behavior by requiring failure first

Review React components for best practices, hooks usage, performance issues, accessibility, and TypeScript type safety. Use when you need to audit existing React components or provide code review feedback.

Standard Operating Procedure for /optimize phase. Covers performance benchmarking, accessibility audit, security review, and code quality checks.

Securely upload GitHub Actions secrets via gh CLI. Use when GitHub Actions workflow requires secrets or user invokes /setup-github-secrets. NEVER commits secrets.

Toolkit para interagir e testar aplicações web locais usando Chrome DevTools MCP. Suporta verificação de funcionalidade frontend, debugging de UI, captura de screenshots, análise de performance, inspeção de network e visualização de logs do console.

MUST INVOKE this skill when working with subagents, setting up agent configurations, understanding how agents work, or using delegation tools to launch specialized agents. Create, audit, and maintain AI subagents and delegation tools.

Complete guide for adding new self-hosted applications to the home-server Ansible infrastructure. Use this skill when the user wants to add a new service, create a new role, or deploy a new self-hosted application. Covers role structure, integration patterns (firewall, NGINX, SELinux, DNS), installation methods (binary, package, container), and testing procedures.

Coverage thresholds and reporting. Use when analyzing and improving test coverage.

Backup, restore, and validate golden datasets for AI/ML systems - ensuring test data integrity and preventing catastrophic data loss