Security & Testing Agent Skills

Dependency Scanning

Identifies and remediates security vulnerabilities within project dependencies and third-party libraries.

SAST Security Configuration

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection in application code.

API Testing Mastery

Implements comprehensive API testing strategies, automation workflows, and Postman MCP integrations for reliable backend services.

Testing Strategy Specialist

Designs and implements comprehensive testing strategies to ensure codebase quality and reliability before the code review process.

Express API Testing Patterns

Implements comprehensive testing strategies for Express.js applications including unit, integration, and middleware tests.

Coverage Loop

Increases test coverage iteratively by identifying code gaps and writing targeted tests until a specific percentage is achieved.

Swift Testing Expert

Implements modern Swift Testing patterns using macros, assertions, and advanced test organization for iOS development.

Guardrails & Safety Instrumentation

Implements comprehensive input and output safety checks to secure AI agent interactions and protect sensitive data.

SAST Security Configuration

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection in application code.

Automated Code Verification

Automates code verification by suggesting and running context-aware tests, lints, and syntax checks after every modification.

CTO Codebase Audit

Performs comprehensive, expert-level assessments of software architecture and code quality to identify technical risks and scaling opportunities.

Automated Code Fixer

Executes targeted code fixes for issues identified in prior reviews using parallel subagents and automated verification.

HTML Injection Security Testing

Identifies and exploits HTML injection vulnerabilities to secure web applications against content manipulation and phishing attacks.

Privilege Escalation Methods

Provides specialized techniques and command patterns for escalating system privileges from low-level access to root or administrator status.

SQL Injection Security Testing

Conducts comprehensive SQL injection vulnerability assessments to identify, exploit, and remediate database security flaws in web applications.

SSH Penetration Testing

Conducts comprehensive security assessments of SSH services including enumeration, credential attacks, and vulnerability exploitation.

Pentest Commands Reference

Provides a comprehensive command reference for penetration testing tools including network scanning, exploitation, and vulnerability assessment.

Security Scanning Tools

Provides expert guidance and command-line patterns for network discovery, vulnerability assessment, and security auditing across diverse environments.

Test Fixture Skill

Provides a lightweight framework for fixture-based testing and comprehensive validation within the Vibe Agent Toolkit.

Deterministic Testing & Validation

Provides deterministic test fixtures and comprehensive validation for portable AI agent development.

Wireshark Traffic Analysis

Performs comprehensive network packet capture, filtering, and protocol analysis for troubleshooting and security investigations.

IDOR Vulnerability Testing Skill

Provides a systematic framework for detecting, exploiting, and remediating Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

Broken Authentication Security Testing

Identifies and exploits authentication and session management vulnerabilities in web applications to prevent unauthorized access and account takeovers.

API Fuzzing & Bug Bounty Security

Performs comprehensive API security assessments using advanced fuzzing, IDOR exploitation, and GraphQL vulnerability discovery techniques.

Agent Performance Evaluation

Builds robust evaluation frameworks and multi-dimensional rubrics to measure AI agent quality, accuracy, and efficiency.

Network 101: Service Lab Configuration

Configures and tests core network services like HTTP, HTTPS, SNMP, and SMB for penetration testing labs and security research.

Bitwarden for Claude Code

Manages secure passwords, secrets, and vault items directly through Claude Code using the Bitwarden CLI.

Privacy Review & Secret Scanner

Audits git repositories for sensitive data exposure to prevent accidental leaks of API keys, passwords, and credentials.

Dependency Scanning Security Skill

Scans project dependencies for known vulnerabilities and security risks to ensure software supply chain integrity.

Hookify Rule Writing

Configures custom guardrails and automated notifications for Claude Code by defining event-driven patterns.