Testing & Security
Testing frameworks, security tools, and best practices
9063 skills in this category
ultrathink-detective
⚡ PRIMARY TOOL for: 'comprehensive audit', 'deep analysis', 'full codebase review', 'multi-perspective investigation', 'complex questions'. Combines ALL detective perspectives (architect+developer+tester+debugger). Uses Opus model. REPLACES grep/glob entirely. Uses claudemem v0.3.0 AST with ALL commands (map, symbol, callers, callees, context). GREP/FIND/GLOB ARE FORBIDDEN.
dependency-guardian
Automated dependency management with security scanning, update orchestration, and compatibility validation
hook-audit
Audits Claude Code hooks for correctness, safety, and performance. Use when reviewing, validating, or debugging hooks, checking exit codes, error handling, or learning hook best practices.
frontend-tester
Senior Frontend QA Engineer with 10+ years JavaScript/TypeScript testing experience. Use when writing unit tests for React components, creating integration tests with React Testing Library, testing custom hooks, mocking APIs, or following TDD for frontend.
Frontend Accessibility
Build accessible user interfaces with semantic HTML, keyboard navigation, proper color contrast, ARIA attributes, and screen reader support. Use this skill when creating or modifying frontend UI components, HTML templates, JSX/TSX files, forms, interactive elements, modals, navigation menus, or any user-facing interface code. Use this when ensuring keyboard accessibility, adding ARIA labels and roles, providing alt text for images, managing focus states, implementing proper heading hierarchy, testing with screen readers, or ensuring sufficient color contrast ratios. Use this when working on .jsx, .tsx, .vue, .html, or component files that render UI elements.
security-error-review
Security and error-handling review - integrated assessment of OWASP Top 10, error handling, and log management
redis-cache
Audit the reactive Redis cache layer (lettuce), ensuring secrets binding, TTLs, and consistent metrics in Swarm.
gitattributes-config
Git attributes configuration for cross-platform line ending normalization and file handling. Includes 8 required pattern categories (global auto-detection, source code, shell scripts, Windows files, Docker files, binary files, lock files, generated files). Critical for Windows WSL compatibility. Use when creating or auditing .gitattributes files to prevent line ending issues and binary corruption.
phoenix-api-channels
Phoenix controllers, JSON APIs, Channels, and Presence on the BEAM. Covers routing, plugs, versioned APIs, Ecto-backed contexts, PubSub broadcasting, Presence tracking, authentication, testing, telemetry, and deployment considerations.
backup-sovereign
Create encrypted, verifiable backups with proof receipts (BLAKE3 + ROOT.txt) and mandatory restore drill. Uses age encryption for modern, simple UX. Designed for sovereign EU infrastructure. Use after node-hardening completes. Triggers: 'backup node', 'encrypted backup', 'create backup', 'restore drill', 'generate proof receipts', 'verify backup', 'backup with proof'.
security-baseline
Security requirements, threats, and controls that apply across this system.
create-semgrep-rule
Create custom Semgrep rules for vulnerability detection. Use when writing new rules for specific vulnerability patterns, creating org-specific detections, or building rules for novel attack vectors discovered during bug bounty hunting.
API Design
REST API best practices, OpenAPI/Swagger patterns, authentication, and error response formats
owasp-security-review
Security review and implementation support based on OWASP Cheat Sheet Series. Use for code review requests, security-related implementation/research, and vulnerability checks. Covers security topics such as XSS, SQL Injection, CSRF, and authentication/authorization.
qc-backtest-runner
Automate QuantConnect cloud backtesting workflow with GitHub integration. Push strategies to QuantConnect cloud, execute backtests, wait for completion, and retrieve performance metrics. This skill should be used when running backtests on QuantConnect cloud or testing trading strategies.
fastapi-endpoint-generator
Generate FastAPI endpoint files with Pydantic models, dependency injection, and async handlers. Triggers on "create fastapi endpoint", "generate fastapi router", "python API endpoint", "fastapi route".
oscal-parser
Parse OSCAL (Open Security Controls Assessment Language) documents in JSON, YAML, or XML formats and extract structured compliance data. Use this skill when working with security control catalogs, system security plans, component definitions, or other OSCAL document types.
playwright
Tests web applications with Playwright including E2E tests, locators, assertions, and visual testing. Use when writing end-to-end tests, testing across browsers, automating user flows, or debugging test failures.
latest-instructions
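Trader latest-instructions management - the AI agent must check this skill at the start of every conversation, then read and follow the instructions in docs/最新指令.md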
escape-room-localizer
Adapt escape room games for global markets (English, Korean, Japanese) with cultural considerations, efficient translation workflows, and language-agnostic design strategies. Handles multilingual template creation, cultural adaptation, and localization testing. Use when preparing games for international audiences or implementing multi-language support.