Testing & Security

Manages local web server lifecycle and enables web page development with Playwright MCP. Use when developing HTML/CSS/JS, building web pages, viewing web pages, testing UI interactions, verifying renders, debugging frontend issues, or iterating on web design. Covers build, startup, shutdown, and browser-based testing workflows.

Configure organization-level GitHub Apps for secure cross-repository automation. Machine identity, audit trails, and enterprise-grade authentication.

Build production-ready Opal IGA custom connectors with proper authentication, API compliance, security, and testing. Use when generating, auditing, or refactoring Opal connectors.

This skill should be used after creating or modifying test code to deeply analyze test structure, ensure enterprise-readiness, detect fake success patterns, and verify tests provide real value - validates against integration testing best practices to prevent tests that pass when implementation is broken

Review Server Actions for security, validation, and best practices in React 19. Use when reviewing forms, mutations, or server-side logic.

Orchestrates access to the Home Assistant REST API for programmatic control of smart home devices. Routes requests to specialized resource files based on task type - authentication, state management, service calls, entity types, or advanced queries. Provides intelligent decision tables for selecting appropriate endpoints and managing integrations.

Systematic refactoring workflow - use coverage/complexity tools to identify targets, plan issues, execute with tests

Guides systematic implementation of new sustainability metrics in OSS Sustain Guard using the plugin-based metric system. Use when adding metric functions to evaluate project health aspects like issue responsiveness, test coverage, or security response time.

Use when creating or editing skills, before deployment, to verify they work under pressure and resist rationalization - applies RED-GREEN-REFACTOR cycle to process documentation by running baseline without skill, writing to address failures, iterating to close loopholes

Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs.

Execute complete build pipeline with dead code detection, formatting, linting, type checking, testing, and production build. Use when the user mentions building, running the full pipeline, checking code quality, or preparing for deployment. Auto-triggers on phrases like "build the project", "run all checks", "prepare for production", or "validate code quality".

Master OAuth 2.0 authorization patterns with OpenIddict and ABP Framework including permission-based authorization, role-based access control, custom claims, and multi-tenant security. Use when implementing authentication/authorization for ABP applications.

ONLY trigger this skill when the user EXPLICITLY asks for MCP-based testing:**Required triggers (ALL must mention "MCP" explicitly):**- "test connector with mcp"- "test mcp connector"- "test [provider] with mcp"- "use mcp to test [provider]"- "run mcp connector test"- "mcp test for [provider]"**DO NOT trigger for:**- Generic "test the connector" requests (use stackone run / test_actions instead)- "test [provider]" without explicit MCP mention- Regular validation or testing requests- Any testing that doesn't explicitly mention MCPThis skill builds a REAL agent with Claude Agent SDK that sends natural language prompts to evaluate if action descriptions are agent-friendly. It's more intensive than regular testing and should only be used when explicitly requested.

识别项目技术栈、测试框架和环境依赖，为 Compile ExecSpec 提供基础上下文。当需要编译 ExecSpec 前，识别项目类型（Node/Python/Go）、测试框架（Jest/Pytest/RSpec）、环境变量依赖（dotenv/os.getenv）时使用。

Python development standards including pytest, ruff, black, and mypy. Use when working with Python files, tests, or dependencies.

Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs.

Teach Data Access Layer pattern to prevent CVE-2025-29927 middleware authentication bypass. Use when implementing authentication, authorization, protecting routes, or working with server actions that need auth.

Diagnose and fix CI/CD failures related to Lint errors and test failures. Use when: (1) User mentions CI/CD failures, lint errors, or test failures, (2) User asks to fix code quality issues or make tests pass, (3) User requests to check or verify code before committing/pushing, (4) Working on a task that requires running lint or tests to validate changes. This skill provides systematic workflows for identifying, diagnosing, and fixing common Lint and test errors in TypeScript/React projects using ESLint, Prettier, and Vitest.

UX patterns and section templates for Astro lead generation sites. Hero, features, testimonials, CTAs, FAQ sections. Use for page section design.

Coordinates 9 specialized audit workers (security, build, architecture, code quality, dependencies, dead code, observability, concurrency, lifecycle). Researches best practices, delegates parallel audits, aggregates results into single Linear task in Epic 0.