Testing & Security

Test Zod schemas comprehensively with unit tests, integration tests, and type tests for validation logic

Code review mode - comprehensive review with security, performance, and maintainability focus

Test TUI (Text User Interface) applications using tmux. Use this skill when you need to automate testing of terminal-based applications by sending keystrokes and capturing pane output.

Use when reviewing test suites, after test runs pass, or when user asks about test quality - performs exhaustive line-by-line audit tracing code paths through entire program, verifying tests actually validate what they claim. Outputs structured report compatible with fix-tests skill.

Setup UI Automator 2.4 smoke test for validating app launches (works with debug and release builds)

Package entire code repositories into single AI-friendly files using Repomix. Capabilities include pack codebases with customizable include/exclude patterns, generate multiple output formats (XML, Markdown, plain text), preserve file structure and context, optimize for AI consumption with token counting, filter by file types and directories, add custom headers and summaries. Use when packaging codebases for AI analysis, creating repository snapshots for LLM context, analyzing third-party libraries, preparing for security audits, generating documentation context, or evaluating unfamiliar codebases.

Multi-agent orchestration system sử dụng Claude subagents thực tế từ thư mục agents/ cho security reviews, code quality analysis, deployment validation, infrastructure checks. Auto-activates với orchestrator-worker pattern và extended thinking mode.

Scaffold a native-looking, effective Electron app with best practices baked in. Creates a production-ready Electron application with security hardening, modern tooling, proper IPC patterns, auto-updates, native UI elements, and optimal build configuration. Use this skill when users want to start a new Electron project or modernize an existing one.

Design and implement end-to-end type-safe APIs using tRPC with proper router organization, procedure definitions, input validation with Zod schemas, context management, and middleware. Use this skill when creating or modifying tRPC router files like server/routers/*.ts, src/server/api/routers/*.ts, *.router.ts, or any files containing tRPC procedure definitions, queries, and mutations. Use this when defining tRPC routers with .query() for read operations and .mutation() for write operations, implementing input validation using Zod schemas with .input(z.object({...})) for type-safe runtime validation of all procedure parameters, creating and organizing reusable sub-routers by feature or domain (user router, post router, comment router) and composing them into a main app router using mergeRouters or router nesting, setting up tRPC context in createContext functions to provide request-scoped data like user sessions, database connections, or authentication state to all procedures, implementing tRPC middleware wit

Use when scaffolding, auditing, or validating Prisma database packages in MetaSaver monorepos. Covers package structure, Prisma schema setup, database client initialization, and seed scripts. File types: .prisma, .ts, package.json.

Generates Husky Git hooks configuration with pre-commit checks. Creates .husky/pre-commit file for running linting, testing, and formatting before commits.

Use when you need to plan technical solutions that are scalable, secure, and maintainable.

This skill should be used when auditing or comparing Claude Code and Cursor IDE configurations to identify feature gaps, equivalencies, and migration opportunities. Useful when managing AI development tooling across both platforms or deciding how to structure AI workflows.

Create and manage OSCAL component definitions for reusable security control implementations. Inspired by CivicActions components and community patterns. Use for building component libraries and shared control implementations.

Develop Python applications using modern patterns, uv, and functional-first design. Activate when working with .py files, pyproject.toml, uv commands, or user mentions Python, itertools, functools, pytest, mypy, ruff, async, or functional programming patterns.

Expert skill for implementing JWT-based authentication in FastAPI applications. Handles token generation, verification, user authentication, protected routes, and security best practices. Includes setup for password hashing, OAuth2 schemes, and user data isolation. Use when implementing JWT authentication in FastAPI applications, securing API endpoints with token-based authentication, or implementing user registration and login functionality.

30 pragmatic rules for production JavaScript covering async operations, V8 optimization, memory management, testing, error handling, and performance. Use when writing JavaScript, optimizing performance, handling promises, or building production-grade applications. Includes promise rejection handling, V8 hidden classes, memory leak prevention, and structured testing patterns.

Scans code for security vulnerabilities and suggests fixes. Use when checking for security issues, validating input handling, or performing security audits.

Implement mobile-first responsive designs with fluid layouts, breakpoints, relative units, and touch-friendly interfaces that work across all device sizes. Use this skill when writing or modifying React components (.tsx, .jsx files), when implementing CSS or Tailwind responsive utilities (sm:, md:, lg:, xl: breakpoints), when working on layout components, navigation menus, grid systems, when optimizing for mobile devices, tablets, or desktop screens, when implementing media queries, when ensuring touch-friendly UI elements, or when testing cross-device compatibility.

Use when creating new skills, editing existing skills, or verifying skills work before deployment - applies TDD to process documentation by testing with subagents before writing, iterating until bulletproof against rationalization