測試與安全

Test and debug Next.js API routes, validate responses, check authentication, and troubleshoot API errors. Use when testing API endpoints, debugging 500 errors, validating API responses, or checking authentication flows.

Download ledger transactions from Cloverleaf property management portal using Playwright browser automation when user says "get ledger transactions", "download from cloverleaf", "fetch property transactions"

Context-efficient browser automation using Playwright scripts and subagent isolation. Use when you need to interact with web pages, extract data from websites, verify page elements, or automate browser tasks while avoiding context window pollution from verbose HTML/accessibility trees. Provides both direct script execution and a specialized subagent pattern for complex investigations that generate large intermediate responses.

Comprehensive research skill using Exa AI tools for web search and code context retrieval. Use when conducting research on technologies, finding code examples, discovering latest tools, or gathering comprehensive information on any topic. Combines web search for articles/news with code search for implementation examples.

CRITICAL security skill teaching proper credential and password handling. NEVER store passwords, use bcrypt/argon2, NEVER accept third-party credentials. Use when handling authentication, passwords, API keys, or any sensitive credentials.

Runner group organization strategies for GitHub Actions. Repository access restrictions, workflow controls, and security boundaries for self-hosted runners.

Performs thorough code reviews focusing on quality, best practices, security, and maintainability. Use when user asks for code review, feedback on code quality, or wants suggestions for improvements.

Implement comprehensive testing strategies with pytest, fixtures, mocking, and test-driven development for FastAPI applications. Use when writing Python tests, setting up test suites, or implementing testing best practices.

Creates, analyzes, updates, and evaluates Model Context Protocol (MCP) servers including architecture assessment, security validation, and connection configuration. Use when user asks if current context or logic should be MCP, requests MCP creation/improvement/update, mentions MCP is outdated, or asks how MCPs work, what MCPs are, explaining MCP concepts, understanding MCP architecture, protocol specification, server implementation, client integration, or connecting MCP servers to Claude Code.

Use this skill when building MCP (Model Context Protocol) servers with FastMCP in Python. FastMCP is a framework for creating servers that expose tools, resources, and prompts to LLMs like Claude. The skill covers server creation, tool/resource definitions, storage backends (memory/disk/Redis/DynamoDB), server lifespans, middleware system (8 built-in types), server composition (import/mount), OAuth Proxy, authentication patterns, icons, OpenAPI integration, client configuration, cloud deployment (FastMCP Cloud), error handling, and production patterns. It prevents 25+ common errors including storage misconfiguration, lifespan issues, middleware order errors, circular imports, module-level server issues, async/await confusion, OAuth security vulnerabilities, and cloud deployment failures. Includes templates for basic servers, storage backends, middleware, server composition, OAuth proxy, API integrations, testing, and self-contained production architectures.Keywords: FastMCP, MCP server Python, Model Context

Audit code for security vulnerabilities using OWASP Top 10, STRIDE threat modeling, and secure coding practices. Identifies SQL injection, XSS, CSRF, auth issues, and secrets exposure. Returns prioritized findings with remediation.

Generate Vitest unit tests following project conventions. Use when user asks to create tests, write test cases, or add test coverage for TypeScript functions.

Expert guidance for developing and integrating AI systems using LLM APIs, SDKs, and Model Context Protocol (MCP). Covers API selection, SDK patterns, MCP development, production patterns, security, cost optimization, and architecture decisions for building production-ready AI integrations.

Manage and troubleshoot Coolify deployments using the official CLI and API. Use this skill when the user needs help with Coolify server management, WordPress troubleshooting on Coolify, debugging service issues, checking SSL certificates, accessing containers, or managing applications and databases through Coolify. Particularly useful for diagnosing down services, fixing .htaccess issues, REST API problems, and performing deployment operations.

Read a webpage into cleaned markdown using curl + markitdown + codex exec. Use whenever asked to read a webpage or extract article content from a URL. Static HTML only; JS/client-rendered pages require a Playwright workflow.

Expert knowledge for testing Composable Rust applications. Use when writing unit tests for reducers, setting up integration tests with real dependencies, using test utilities (TestStore, FixedClock, mocks), working with testcontainers for PostgreSQL/Redpanda, property-based testing, or questions about testing patterns and best practices.

Guide development following Kent Beck's Test-Driven Development (TDD) using Red → Green → Refactor cycle. Use when writing tests first, implementing features with TDD, need to write failing tests, make tests pass, refactoring after tests pass, following red-green-refactor, fixing defects with tests, or practicing test-driven development methodology.

Generate high-converting cold outreach emails for Riflebird Agency based on micro-audit findings. Use when generating emails for SEO audit outreach, lead generation, or when the user mentions "cold email", "outreach email", "micro-audit email", or Riflebird lead generation.

Comprehensive web application testing patterns with Playwright selectors, wait strategies, and best practices

Fetch and analyze GitHub Actions pipeline errors. Use when the user wants to debug CI/CD failures, check workflow runs, or troubleshoot test failures.