Testing & Security

Automates development of TogetherOS Rewards module features. Use when building reward types, implementing validation, creating UI components, writing tests, or updating Rewards documentation. Handles end-to-end implementation from entity models through API handlers to frontend components.

Comprehensive mobile app testing strategies for iOS and Android. Covers unit tests, UI tests, integration tests, performance testing, and test automation with Detox, Appium, and XCTest.

Guides writing bundler tests using itBundled/expectBundled in test/bundler/. Use when creating or modifying bundler, transpiler, or code transformation tests.

Converting backtest visualizations from bar indices/timesteps to actual datetime axes for clearer time context

Automatically find the latest portfolio CSVs, process them, and display visualizations in web browser. Use when you want a complete portfolio analysis with one command.

Generate realistic CSV data files with proper headers, data types, and configurable row counts for testing, demos, and development. Triggers on "create CSV data", "generate CSV file", "fake CSV for", "sample data CSV", "test data spreadsheet".

Escape Docker containers and exploit Kubernetes clusters using privileged containers, Docker socket access, misconfigurations, and API abuse. Use when testing container security or performing container escape.

Prevents 30+ critical AI/ML mistakes including data leakage, evaluation errors, training pitfalls, and deployment issues. Use when working with ML training, testing, model evaluation, or deployment.

Guides strict TDD (red/green/refactor), prioritizing domain unit tests and small steps.

专业安全审计专家，精通漏洞扫描、渗透测试、合规检查和安全代码审查。帮助企业识别和修复安全风险，确保系统和数据的安全性。

Build autonomous end-to-end full-stack testing agents using Claude's Computer Use API, LangGraph orchestration, and hybrid Playwright automation. Use this skill when building testing infrastructure, test automation, CI/CD test integration, or self-healing test systems.

Enterprise Clerk Authentication Platform with AI-powered modern identity architecture, Context7 integration, and intelligent user management orchestration for scalable applications

Comprehensive security vulnerability scanning. Use when checking for OWASP vulnerabilities, scanning for secrets/API keys, auditing dependencies for CVEs, or running pre-commit security checks.

Validate planning documents before implementation begins.Checks ambiguity resolution, prerequisites, and testing methods.Use when:- Before starting implementation of a ticket- User says "validate plan", "check plan", "ready to implement?"- After completing 2-plan.md and 3-spec.md- Before TDD cycle begins

Python async/await patterns with asyncio, concurrent.futures, threading, and multiprocessing. Covers async context managers, timeouts, cancellation, common pitfalls (blocking in async, missing await, event loop issues), and choosing between async/threading/multiprocessing. Use when writing async code, debugging async issues, choosing concurrency approaches, or testing async functions.

Systematic approach to reviewing code for quality, security, and maintainability

Vitest - Modern TypeScript testing framework with Vite-native performance, ESM support, and TypeScript-first design

Parse WCAG accessibility scan reports and combine with personal accessibility testing experiences to generate compelling, evidence-based violation narratives that cite both user impact and technical violations. Generates plain-text complaint narratives suitable for demand letters, legal notices, and accessibility audit reports.

Use when implementing any feature or bugfix, before writing implementation code - write the test first, watch it fail, write minimal code to pass; ensures tests actually verify behavior by requiring failure first

Review React components for best practices, hooks usage, performance issues, accessibility, and TypeScript type safety. Use when you need to audit existing React components or provide code review feedback.