Testing & Security

Comprehensive FastAPI development skill covering REST API creation, routing, request/response handling, validation, authentication, database integration, middleware, and deployment. Use when working with FastAPI projects, building APIs, implementing CRUD operations, setting up authentication/authorization, integrating databases (SQL/NoSQL), adding middleware, handling WebSockets, or deploying FastAPI applications. Triggered by requests involving .py files with FastAPI code, API endpoint creation, Pydantic models, or FastAPI-specific features.

Python project scaffolding and development with modern tooling. Use when creating new Python projects, setting up virtual environments, configuring dependencies, or working with Flask web applications. Triggers on mentions of Python setup, uv, Flask, pytest, or project initialization.

Create and maintain Roslyn source generators for compile-time code generation. Use when building incremental generators, designing pipelines with ForAttributeWithMetadataName, creating marker attributes, implementing equatable models, testing generators, or debugging generator performance issues.

General-purpose browser automation skill for Playwright. Use this skill when the user wants to automate browser tasks like testing login flows, scraping data, taking screenshots, filling forms, clicking elements, or any interactive web automation. This skill provides smart utilities for session management, error handling, and development server detection. NOT for scheduled monitoring (use web-monitor-bot instead).

Python development best practices for modern Python projects. Activated when working with Python files, pyproject.toml, or discussing Python patterns, testing, linting, type hints.

Expert code reviewer that enforces best practices, clean code principles, strong typing (TypeScript), architecture guidelines, and security standards. Reviews PRs and code snippets for bugs, code smells, anti-patterns, maintainability risks, performance issues, and security vulnerabilities. Use when reviewing pull requests, analyzing code quality, conducting code audits, or improving TypeScript/JavaScript codebases.

Manage Node.js dependencies including adding, updating, auditing, and resolving conflicts. Use when updating dependencies or resolving version conflicts.

Share local services publicly or privately via secure tunnels. Use when needing to expose localhost ports, share dev servers, create public URLs for local services, or set up secure tunnels between machines.

This skill should be used when the user asks to "set up CI", "configure GitHub Actions", "create a workflow", "pin actions", "use ratchet", "set up Claude code review", "configure AWS OIDC", "deploy with tickforge", or mentions GitHub Actions, CI/CD pipelines, or workflow security. Provides Uptick's security-first GitHub Actions patterns.

Critiques your paper draft as a skeptical reviewer would. Use when asked to review a paper draft, find weaknesses in a paper, prepare for peer review, anticipate reviewer criticism, or stress-test research before submission. Identifies weak claims, missing baselines, unclear explanations, and overclaims.

A test skill for validation

Comprehensive security analysis including SAST, DAST, dependency scanning, secret detection, and vulnerability assessment. Use for security audits, CVE tracking, compliance checks, and preventing vulnerabilities from reaching production. Supports multiple languages and frameworks.

WHEN: Dockerfile review, multi-stage builds, layer optimization, docker-composeWHAT: Image optimization + Layer caching + Security scanning + Compose best practices + Build efficiencyWHEN NOT: Kubernetes → k8s-reviewer, Terraform → terraform-reviewer

⚡ PRIMARY TOOL for: 'comprehensive audit', 'deep analysis', 'full codebase review', 'multi-perspective investigation', 'complex questions'. Combines ALL detective perspectives (architect+developer+tester+debugger). Uses Opus model. REPLACES grep/glob entirely. Uses claudemem v0.3.0 AST with ALL commands (map, symbol, callers, callees, context). GREP/FIND/GLOB ARE FORBIDDEN.

Use Lockplane for safe database schema management - define schemas in .lp.sql files, validate, and apply with shadow DB testing

Shared resource library for Slack integration skills. DO NOT load directly - provides common references (setup, API docs, error handling, authentication) and scripts used by slack-connect and individual Slack skills.

Resolve disagreements between agents or approaches using test-based adjudication. Use when agents disagree, when multiple valid approaches exist, when the user asks "which approach", or when making architectural decisions with tradeoffs.

Supabase backend development: database, RLS, Edge Functions, queries.USE WHEN: creating tables, migrations, RPC functions, Edge Functions,RLS policies, query optimization, Supabase infrastructure.NOT FOR: Flutter UI (use flutter-developer), tests (use testing-agent).Examples:<example>Context: The user needs to create a new database table.user: "Create a table for customer reviews with ratings and comments"assistant: "I'll use the backend-dev skill to design the reviews table with RLS policies."<commentary>Database table creation requires backend-dev.</commentary></example><example>Context: The user needs server-side business logic.user: "Create an Edge Function to calculate dynamic pricing"assistant: "I'll use backend-dev to develop the Edge Function for pricing."<commentary>Edge Functions are a core backend-dev responsibility.</commentary></example>

FedRAMP 20X modernization expert. Provides guidance on Key Security Indicators (KSIs), continuous monitoring automation, machine-readable policies, and the new automated authorization approach. Auto-syncs with official FedRAMP docs.

CRITICAL: Use this skill when creating/debugging React UI components, Radix UI, forms, modals, or drag & drop.AUTO-ACTIVATE when user mentions (FR/EN): - select, Select, SelectValue, SelectItem, Radix - modal, modale, dialog, Dialog, DialogContent - form, formulaire, validation, Zod, React Hook Form, shadcn - drag, drop, DnD, @dnd-kit, sortable, réordonner - UI bug, composant, component, affiche ID, shows ID, undefined - Button, Input, Label, Checkbox, Switch, Badge, Card - créer composant, create component, nouveau composantThis skill contains TESTED patterns for Radix UI Select (ID vs Name), Modal CRUD templates, Drag & Drop with @dnd-kit, Form validation with Zod + shadcn/ui Form.