測試與安全

Authentication and authorization including JWT, OAuth2, OIDC, sessions, RBAC, and security analysis. Activate for login, auth flows, security audits, threat modeling, access control, and identity management.

Interactive API testing tool for the Kindle notes backend. Tests endpoints with intelligent data checking, minimal test data creation, and timing metrics.

Complete guide for working with GitHub Projects (v2) REST API for kanban board operations. Covers authentication, item management, field operations, status updates, and practical patterns for project automation.

Develop Notion templates and databases using Notion MCP tools in Claude Code. Orchestrates escape room design skills (narrative-architect, puzzle-designer, formula-master, localizer, playtester) and implements their output via Notion MCP API. Use when creating Notion templates, building databases, implementing game mechanics, or managing complex multi-step Notion development workflows. Handles rate limits, session persistence via Serena MCP, and iterative development cycles.

Testing patterns including pytest, unittest, mocking, fixtures, and test-driven development. Activate for test writing, coverage analysis, TDD, and quality assurance tasks.

Guide selection and interpretation of statistical hypothesis tests. Use when: (1) Choosing appropriate test for research data, (2) Checking assumptions before analysis, (3) Interpreting test results correctly, (4) Reporting statistical findings, (5) Troubleshooting assumption violations.

Expertise in automated testing, code review practices, and quality standards enforcement. Activates when working with "lint", "test", "review", "coverage", "quality", "standards", or test automation.

Landing page component registry integration for searching, browsing, and pulling pre-built React/TypeScript components from the monet MCP server. Use this skill when users want to (1) search for UI components (hero sections, pricing tables, testimonials, etc.), (2) pull/add components to their project, (3) browse available component categories, (4) get component details or code, or (5) explore the component registry statistics.

Provides step-by-step instructions for accessing the Rackspace Spot Kubernetes cluster to debug ARC runners using spotctl. Covers installation, authentication via GCP Secret Manager, kubeconfig retrieval, and common debugging commands. Activates on "spotctl", "cluster access", "rackspace debug", "kubeconfig", or "spot cluster".

Security auditing patterns for Midnight Network smart contracts and dApps. Use when reviewing code for vulnerabilities, privacy leaks, cryptographic weaknesses, or performing security audits.

Common vulnerability patterns in Solidity and how to prevent them. Use when reviewing contracts for security issues or learning about common exploits.

Integrate Cloudflare services with Dokploy templates: R2 storage, DNS challenge for SSL, Zero Trust Access, Workers, WAF, and Tunnel. Default to CF services for external dependencies.

Review test cases for Token Endpoint. Covers grant_type=authorization_code, client authentication (client_secret_basic, client_secret_post), token request/response validation, and all requirements per OIDC Core 1.0 Section 3.1.3 and OAuth 2.1.

Authentication system design and implementation guidance with Python examples using strict typing. Use when: (1) Designing authentication flows (signup, login, logout, refresh), (2) Selecting between session vs token-based auth, (3) Designing JWT structure and claims, (4) Implementing OAuth 2.0 flows, (5) Setting up multi-service authentication patterns, (6) Creating password reset and email verification flows, (7) Implementing role-based access control (RBAC), (8) Creating security checklists for auth systems, (9) Planning frontend/backend auth integration. All examples follow Python typing standards and security best practices.

Scaffold a new Angular component with test file following project conventions. Use when creating new components, widgets, or UI elements.

Systematically identify unused code by inverting the burden of proof. Assumes ALL added code is dead until proven used. Extracts all code items (procs, types, fields, imports), generates "X is dead" claims, verifies each with caller search, detects write-only dead code (stored but never read), performs iterative re-scanning after removals to find orphaned code, produces report with removal plan. Use when: reviewing code changes, auditing new features, cleaning up PRs, or user says "find dead code", "find unused code", "check for unnecessary additions", "what can I remove".

Automatically analyze test coverage when user asks which code is tested, mentions coverage gaps, or shows code asking about testing. Identifies untested code paths and suggests test additions. Invoke when user asks "what's not tested?", "coverage", "untested code", or "which tests are missing?".

Audit and optimize WordPress SEO (Yoast/Rank Math) - checks focus keywords, meta descriptions, featured images. Uses Unsplash API for missing images. Run on all pages/posts to identify and fix SEO issues.

Comprehensive testing and verification checklist for agent-created pull requests. Use when preparing to submit a PR, verifying changes work correctly, or ensuring all evidence requirements are met. Covers Docker setup, database seeding, performance baselines, and proof-of-functionality requirements.

Connect Supabase databases to Claude Desktop artifacts with authentication and read-only queries using native fetch API.