Testing & Security

Orchestrates comprehensive audits across multiple specialized auditors for Claude Code customizations and provides guidance on naming, organization, best practices, and troubleshooting. Use when: (1) Auditing - wants complete evaluation, multi-faceted analysis, coordinated audit reports, thorough validation, or asks to audit multiple components; (2) Guidance - asks "what should I name...", "how should I organize...", "best practices for...", troubleshooting issues, understanding evaluation criteria, or needs pre-deployment validation. Automatically determines which auditors to invoke (agent-audit, skill-audit, hook-audit, command-audit, output-style-audit, evaluator, test-runner) based on target type and compiles unified reports with consolidated recommendations.

Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check responsive design, validate UX, test login flows, check links, automate any browser task. Use when user wants to test websites, automate browser interactions, validate web functionality, or perform any browser-based testing.

Implement robust error handling with user-friendly messages, specific exception types, centralized error boundaries, and graceful degradation strategies. Use this skill when writing try-catch blocks, handling exceptions and errors, creating error messages for users, implementing error boundaries in React or other frameworks, validating input and checking preconditions, handling API errors and external service failures, implementing retry strategies with exponential backoff, cleaning up resources in finally blocks, designing graceful degradation for non-critical failures, or preventing technical details and security information from being exposed to users. Apply this skill when handling errors in any code file, implementing error recovery mechanisms, or reviewing error handling approaches for robustness and security.

Use this skill when you need to perform comprehensive security vulnerability assessments on a codebase. This skill launches the security-orchestrator agent to conduct systematic security reviews by breaking down the codebase into architectural units and performing deep security analysis.

.NET 코드에서 정적 분석(Static analysis), 보안 스캔(Security scan) 및 종속성 체크(Dependency check)를 수행합니다. 코드 품질, 보안 감사 또는 취약점 탐지가 포함된 작업에서 사용합니다.

Synthèse co-fabriquée par un conseil de 3 LLMs (Claude, Gemini, Codex). Ce skill devrait être utilisé quand l'utilisateur demande une synthèse robuste, traçable et vérifiée. Il orchestre trois modèles avec des rôles experts distincts (Extracteur, Critique, Architecte) pour produire une synthèse fidèle au texte source, avec contrôle des glissements sémantiques et trail d'audit complet.

Automated security scanning workflow using Semgrep MCP. Scans changed files for OWASP Top 10 vulnerabilities, CWE patterns, hardcoded secrets, and security misconfigurations. Returns prioritized findings with remediation guidance. Use when security validation is needed for code changes (invoked by security-engineer, code-quality-validator, or /audit command). Scans only changed files for efficiency (10-15s overhead).

Guide through REFACTOR phase of TDD cycle - improving code while tests pass

Provides quick reference for all Sagebase CLI commands and Docker operations. Activates when user asks how to run application, test, format code, manage database, or execute any Sagebase operation. Includes just commands, unified CLI, testing, formatting, and database management.

Production-grade accessibility skill for WCAG 2.2 AA compliance.Covers auditing, remediation, component authoring, and validation workflows.Auto-invoked for UI implementation, a11y fixes, and accessibility testing.

This skill should be used when creating new test lanes for the XML test data generator. A test lane consists of an XSD schema file paired with a meta.yaml configuration file. This skill guides the process of creating both files with proper semantic type mappings, distribution settings, and field overrides. Use when users request new test lanes, want to generate test data configurations, or need help setting up XSD + meta.yaml pairs for the testgen CLI tool.

Comprehensive TypeScript best practices including type imports, security patterns, code structure, and early returns. Use when writing TypeScript code, reviewing for quality, implementing error handling, or ensuring type safety.

Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.

Use when working in mm-ibkr-gateway to access market data, account summary, positions, PnL, or orders via the REST API (FastAPI). Covers starting the API server, required env and safety settings, authentication with X-API-Key, and market/account/order endpoints for quote, historical bars, preview, place, status, cancel, and open orders.

Creates CI/CD pipeline configurations for automated testing and deployment

⚡ PRIMARY TOOL for: 'what's the architecture', 'system design', 'how are layers organized', 'find design patterns', 'audit structure', 'map dependencies'. Uses claudemem v0.3.0 AST structural analysis with PageRank. GREP/FIND/GLOB ARE FORBIDDEN.

Validates code against currently loaded rules and reports compliance violations. Use after implementing features, during code review, or to ensure coding standards are followed. Provides actionable feedback with line-by-line issues and suggested fixes.

Automated Google Tag Manager debugging with visual monitoring, screenshot annotation, and MCP integration. Use when testing GTM configurations, verifying tag firing, debugging dataLayer events, validating consent mode, checking tracking implementations, or automating GTM container builds with Stape/GTM MCP servers. Triggers on "debug GTM", "test GTM tags", "GTM preview", "verify tag firing", "check dataLayer", "monitor tags", "validate consent", "did my GTM fix work", "validate tracking", "annotate screenshot", "GTM QA", or when verifying configuration changes via browser automation.

Patterns for writing effective, maintainable tests

CI/CD pipeline failure resolution with autonomous iteration loops. Local validation → branch & PR creation → CI monitoring → iteration until green. Proven patterns for GitHub Actions, includes role-specific adaptations. Use when CI pipeline failures occur, GitHub Actions errors detected, autonomous error resolution needed, PR creation for fixes required. Triggers on ci pipeline failures, github actions errors, autonomous ci resolution, ci iteration, pr creation for errors, pipeline validation, test failures in ci, build failures in ci, continuous integration debugging.