Testing & Security

Use picocom to interact with IoT device UART consoles for pentesting operations including device enumeration, vulnerability discovery, bootloader manipulation, and gaining root shells. Use when the user needs to interact with embedded devices, IoT hardware, or serial consoles.

Develop React applications for VS Code Webview surfaces. Use when working on the `webview-ui` package, creating features, components, or hooks for VS Code extensions. Includes project structure, coding guidelines, and testing instructions.

Run build processes, test suites, deployments, and development servers in monitored tmux sessions with persistent logging. Use when executing long-running tasks that need background execution with real-time monitoring, or when running commands like npm build, pytest, deployment scripts, or dev servers that should continue running while you work on other tasks.

Guide AI assistants through Gray Swan MITM challenges using Playwright browser automation to interact with AI agent intermediaries. Use when working on Gray Swan Machine-in-the-Middle CTF challenges.

Tailwind CSS configuration template and validation logic for tailwind.config.js or tailwind.config.ts with src/index.css directives. Includes 5 required standards (required content paths for scanning, must extend default theme not replace, required plugins array, file naming convention for .js or .ts, required dependencies). Ensures proper PostCSS integration and Tailwind directive setup. Use when creating or auditing tailwind.config.js or tailwind.config.ts files for consistent Tailwind CSS setup.

Pod Security Standards and admission controllers for GKE. Runtime monitoring with Falco and behavioral analysis to detect anomalous workload activity.

Crea commits git con verificación obligatoria de calidad. Ejecuta dart analyze, format y tests antes de commitear.

Build or modify the Rust↔Python FFI using PyO3+maturin. Use for binding builds, smoke tests, and boundary validation workflow.

Bi-directional comparison workflow for config auditing. Compares what agents expect (from templates/standards) against what repositories actually have, presenting differences with remediation options. Use when agents need to audit configs, validate standards compliance, or identify mismatches between expected and actual configurations.

Face recognition system patterns for attendance. Use when working with face detection, verification, enrollment, liveness detection, or any biometric authentication features.

Sync current git worktree with upstream remote changes. Use when pulling latest changes from the remote branch. Handles uncommitted changes with stashing, offers rebase or merge.

Validate CasareRPA workflow JSON files for structural integrity, node dependencies, and connection validity. See schemas/ for JSON schema definitions. Use when: validating workflows, checking workflow JSON, testing workflow definitions, graph structure validation, node connections.

Create a complete feature with ViewModel, View, and tests following Phoenix MVVM patterns. Use when building new UI features, panels, or components that manage their own state. Generates ViewModel with MobX, React view with observer, and comprehensive tests.

⚡ PRIMARY TOOL for: 'what's tested', 'find test coverage', 'audit test quality', 'missing tests', 'edge cases', 'test patterns'. Uses claudemem v0.3.0 AST with callers analysis for test discovery. GREP/FIND/GLOB ARE FORBIDDEN.

Sync local and remote workspaces with latest motoko framework changes. Use when asked to update workspaces, sync skills, or push motoko changes to workspaces.

Interactive browser automation via Chrome DevTools Protocol. Use when you need to interact with web pages, test frontends, or when user interaction with a visible browser is required.

Access Jira issues and Confluence pages via Python scripts with OAuth 2.0 authentication. Use when user asks about Jira tickets, issues, bugs, stories, epics, sprints, or Confluence pages, wiki, documentation. Contains instructions to cleanup existing tickets, do status update of the tickets.

Automates updating ollama_dart when Ollama OpenAPI spec changes. Fetches latest spec, compares against current, generates changelogs and prioritized implementation plans. Use for: (1) Checking for API updates, (2) Generating implementation plans for spec changes, (3) Creating new models/endpoints from spec, (4) Syncing local spec with upstream. Triggers: "update api", "sync openapi", "new endpoints", "api changes", "check for updates", "update spec", "api version", "fetch spec", "compare spec", "what changed in the api", "implementation plan".

Review test cases for PKCE (Proof Key for Code Exchange) implementation. Covers code_challenge/code_verifier validation, S256 transformation, and all PKCE requirements per OAuth 2.1 Sections 4.1.1, 4.1.3, 7.5.1, 7.5.2. PKCE is MANDATORY in OAuth 2.1.

Create, configure, and integrate MCP (Model Context Protocol) servers and clients. Use when building MCP servers with FastMCP (Python) or MCP SDK (Node/TypeScript), integrating external APIs, or creating custom tools/resources for LLMs. Handles server creation, client configuration, transport protocols, and security patterns.