Security & Testing Agent Skills

Security Assessment

Conducts comprehensive security audits, vulnerability scans, and penetration testing to identify and remediate software security risks.

TypeScript Unit Testing Professional

Streamlines the creation, debugging, and optimization of TypeScript and NestJS unit tests using Jest and industry-standard mocking patterns.

APEX OmniHub Ecosystem Developer

Generates zero-drift, enterprise-grade code for the APEX OmniHub ecosystem, specializing in Web2/Web3 bridges and rigorous ARMAGEDDON testing.

Docker Security Hardening

Secures Docker containers and images through hardening, vulnerability scanning, and CIS benchmark compliance.

Test Planning Expert

Generates comprehensive test strategies and structured plans to ensure high-quality software releases and robust coverage.

Documentation Test Generator

Automatically extracts code examples from documentation and converts them into verified Vitest tests to ensure content accuracy.

Runtime Standards Compliance

Enforces and audits the 2026 Universal Agentic Runtime standards for Claude Code plugin components.

Code Quality & Standards Protocol

Enforces universal engineering standards for TDD, security, and code quality across debugging, implementation, and review workflows.

Auditing & Security

Scans code for sensitive secrets and performs comprehensive security audits to prevent vulnerabilities and data leaks.

Repository Security Auditor

Performs comprehensive security audits on GitHub repositories to detect malicious code, data exfiltration, and suspicious dependencies before installation.

MCP Scanner

Evaluates third-party Model Context Protocol (MCP) servers for security vulnerabilities, functionality, and legal compliance before installation.

Verification Before Completion

Enforces a rigorous evidence-based workflow by requiring actual command output before any claims of success or task completion.

End-to-End Testing Orchestrator

Orchestrates comprehensive end-to-end testing workflows by coordinating browser automation with real-time server verification.

Python Type Safety Validator

Automatically validates Python type safety by running Pyrefly or Mypy whenever files are modified.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure high-quality, verified code production through test-first development.

API Security Patterns

Implements robust API security architectures using OWASP-aligned patterns for authentication, authorization, and data protection.

Systematic Debugging

Enforces a rigorous four-phase process to identify root causes and implement permanent fixes for complex technical issues.

Web Application Testing Toolkit

Facilitates end-to-end testing and interaction with local web applications using automated Playwright scripts and server management tools.

JS Test Coverage Generator

Generates and analyzes JavaScript test coverage reports to identify untested code paths and improve application reliability.

TDD Workflow Conductor

Implements a rigorous Test-Driven Development (TDD) cycle with automated quality gates and Git-integrated task tracking.

Eval Harness

Implements an Eval-Driven Development (EDD) framework to define, test, and validate Claude Code's performance using standardized evaluation metrics.

Code Quality & Linting

Ensures code integrity and standard compliance by automating linting, type-checking, and static analysis across development workflows.

TDD Workflow Pro

Enforces strict test-driven development cycles with comprehensive coverage requirements for robust, bug-free code.

Verification Loop

Ensures code quality and production readiness through a multi-phase verification system covering builds, types, tests, and security.

Codex Root Cause Fixer

Diagnoses and resolves software errors by tracing root causes and delegating verified fixes to the Codex stack.

Clean Architecture Validator for .NET

Validates .NET API projects to ensure strict adherence to Clean Architecture principles and proper layer separation.

Secure Repository - Secret Scanning

Protects Git repositories from accidental exposure of API keys, passwords, and tokens by installing automated secret scanning hooks.

Web App Testing & Playwright Automation

Automates local web application testing and UI verification using Playwright and intelligent server lifecycle management.

Enterprise Code Reviewer

Performs comprehensive enterprise-grade code reviews focused on security, performance, maintainability, and architectural integrity.

Defensive Security Operations

Automates security operations center tasks including threat hunting, alert triage, and incident response orchestration.