Testing & Security

Expert performance optimization including profiling, bottleneck analysis, caching, and load testing

Testing patterns for React Native with Jest and React Native Testing Library. Use when writing tests, mocking Expo modules, testing Zustand stores, or debugging test failures.

Use when completing implementation in worktree to create review document for coordinator to route to review agent - documents what was built, test results, and suggested documentation updates

Scans Infrastructure as Code for security misconfigurations. Wraps tfsec for Terraform and Checkov for multi-cloud IaC. Use when user asks to "scan Terraform", "IaC security", "infrastructure scan", "tfsec", "checkov", "Terraformセキュリティ", "インフラスキャン".

Use when building SaaS applications needing data isolation between customers - implements owner-based filtering for secure multi-tenant document storage and search with workspace, organization, or tenant-level separation

Attack WiFi networks using WPA/WPA2 cracking, WPS exploitation, Evil Twin attacks, deauthentication, and wireless reconnaissance. Use when pentesting wireless networks or performing WiFi security assessments.

Automatically generate and run tests after each code change. Use when: any code is generated or modified in the pipeline. Triggers: internal use only.

Test MCP server connectivity and tool execution. Use when adding new MCP servers, debugging tool integration, or verifying tool availability. Supports stdio, http, and sse server types.

Security Chief - Vulnerability detection, security validation, and protection enforcement

CIPS bridge for session resumption. Enables cips resume latest, cips resume gen:N, and --fresh flags. Maintains continuity across sessions.

Automate creation of multiple audio overviews in Google NotebookLM using Playwright. Use when the user needs to generate multiple audio podcasts from web sources with different prompts or focus areas, or when batch-creating NotebookLM audio content.

Investigate GitHub security incidents using tamper-proof GitHub Archive data via BigQuery. Use when verifying repository activity claims, recovering deleted PRs/branches/tags/repos, attributing actions to actors, or reconstructing attack timelines. Provides immutable forensic evidence of all public GitHub events since 2011.

Automate code quality checks with Git hooks. Use when setting up pre-commit linting, pre-push testing, commit message validation, or automated code formatting. Supports Husky, lint-staged, ESLint, Prettier, and custom hooks for any project.

Enforce comprehensive verification and testing before declaring completion. Use when implementing features, making changes, or completing tasks. Prevents insufficient verification (FP-10).

Assists with code review by analyzing code changes for quality, best practices, security, and potential issues. Activates after implementing code features, bug fixes, or refactorings. Provides structured feedback with critical issues, suggestions, and positive highlights.

Comprehensive code review skill for TypeScript, JavaScript, Python, Swift, Kotlin, Go. Includes automated code analysis, best practice checking, security scanning, and review checklist generation. Use when reviewing pull requests, providing code feedback, identifying issues, or ensuring code quality standards.

Phase 5 of disciplined development. Validates system against original requirements through system testing and user acceptance testing (UAT). Uses structured stakeholder interviews to gather sign-off and traces defects back to research or design phases.

CodeGenAgent スキル - Claude Sonnet 4によるAI駆動コード生成。 GitHub Issueの内容を解析し、TypeScriptコード・ユニットテスト・型定義を自動生成。 Use when: - 新しいコードを生成する時 - Issue内容からコード実装が必要な時 - TypeScript/Vitestテストの自動生成が必要な時 - BaseAgentパターンに従った実装が必要な時 - "コード生成", "実装", "feature", "bug fix" がキーワードに含まれる時

Generic DigitalOcean droplet deployment using doctl CLI for any application type (APIs, web servers, background workers). Includes validation, deployment scripts, systemd service management, secret handling, health checks, and deployment tracking. Use when deploying Python/Node.js/any apps to droplets, managing systemd services, handling secrets securely, or when user mentions droplet deployment, doctl, systemd, or server deployment.

React Native mobile development patterns for authentication, platform-specific issues, navigation, and SDK integration. Use when debugging React Native apps, fixing iOS/Android issues, handling auth flows, or integrating native SDKs.