Security & Testing Agent Skills

Git Security 2025

Enforces modern Git security protocols including signed commits, zero-trust workflows, and proactive secret scanning.

Vibe Coder QA

Automates the UI testing workflow by using screenshots and Claude Vision to identify layout issues and visual bugs without writing test code.

Vision QA Workflow

Automates visual quality assurance by capturing and analyzing screenshots across web and mobile platforms using Claude's vision capabilities.

Mabl Expert

Automates end-to-end testing with AI-powered self-healing capabilities to maintain robust UI test suites.

Visual Regression Expert

Automates visual UI testing and screenshot analysis using AI to detect regressions and design inconsistencies across web and mobile platforms.

Condition-Based Waiting

Eliminates flaky tests and race conditions by replacing arbitrary timeouts with intelligent state polling.

Qodo Cover Expert

Automates test suite generation and increases code coverage using AI-driven semantic analysis and edge-case detection.

Testany Case Management

Manages the lifecycle of Testany platform test cases including creation, searching, bulk updates, and script synchronization.

AppSec Plan Reviewer

Analyzes implementation plans and architecture designs to identify security vulnerabilities before a single line of code is written.

Secrets Detection & Security Scanning

Identifies and remediates hardcoded credentials, API keys, and sensitive tokens across source code and git history.

Business Logic Security Auditor

Analyzes application workflows and business rules to identify logic-based security vulnerabilities that automated scanners often miss.

Privilege Escalation Security Auditor

Identifies authorization vulnerabilities and privilege escalation paths within your source code using the STRIDE threat modeling framework.

Privacy Detectability & Side-Channel Analyst

Analyzes source code for detectability threats and timing side channels to prevent unauthorized inference of system interactions.

Injection Security Analysis

Audits source code for SQL, NoSQL, and command injection vulnerabilities to align with OWASP Top 10 security standards.

Identifiability Analysis

Analyzes source code and data structures to detect PII exposure and re-identification risks in anonymized datasets.

Data Flow Security Mapper

Traces application data from input sources to storage sinks to identify security vulnerabilities and trust boundary violations.

Denial of Service (DoS) Analysis

Scans source code to identify and mitigate vulnerabilities that could lead to service disruptions or resource exhaustion.

Race Condition Security Auditor

Analyzes source code to detect and remediate complex concurrency vulnerabilities like TOCTOU, double-spend bugs, and non-atomic operations.

PASTA Risk & Impact Analysis

Calculates business-weighted risk scores and generates prioritized remediation roadmaps for the PASTA threat modeling framework.

Remote Unit Test Verifier

Executes and parses remote unit tests as a final quality gate for code verification.

Test-Driven Development (TDD)

Enforces a rigorous Red-Green-Refactor workflow by requiring failing tests before any production code implementation.

PASTA Attack Simulator

Simulates realistic exploit chains and scores vulnerability exploitability using the PASTA threat modeling framework.

Systematic Debugging

Enforces a rigorous, four-phase methodology to identify root causes and implement reliable fixes for software bugs.

Linkability & Privacy Analysis

Analyzes source code to identify and mitigate linkability threats where user data can be correlated across services, sessions, or contexts.

PASTA Stage 2: Technical Scope Mapping

Maps application attack surfaces and technical boundaries to create comprehensive data flow diagrams for threat modeling.

Personal Data Disclosure Auditor

Audits source code to identify and mitigate unauthorized personal data (PII) exposure in logs, APIs, and third-party integrations.

Agent Skill Evaluator

Performs comprehensive security and safety assessments of agent skills and MCP servers to identify prompt injection risks, malicious code, and data exfiltration attempts.

AppSec Glossary

Provides instant definitions and framework mappings for application security terms and vulnerability classes.

PASTA Threat Analysis

Identifies and analyzes potential threats by profiling actors and mapping attack vectors to the MITRE ATT&CK framework using the PASTA methodology.

AppSec Configuration Manager

Manages persistent security preferences, tool thresholds, and scan exclusions for integrated application security workflows.