Testing & Security

Design, deploy, upgrade, and operate the InsightPulseAI Superset-based BI platform on the user's infrastructure with secure, stable, scalable configs.

WordPress plugin and theme testing with PHPUnit integration tests, WP_Mock unit tests, PHPCS coding standards, and CI/CD workflows. Use when testing WordPress plugins, enforcing coding standards, or implementing quality assurance processes.

スナップショットテスト支援。swift-snapshot-testing、UI変更検出。使用タイミング: (1) UIコンポーネントのリグレッションテスト、(2) デザインシステムの検証、(3) 複数デバイス・ダークモード対応の確認、(4) UIリファクタリング時の安全性確保

Pre-commit validation checklist before staging and committing code. Use BEFORE every git commit to ensure code quality, tests pass, and documentation is updated. Triggers on "commit", "stage changes", "ready to commit", or when completing a feature or fix.

Install Playwright MCP for browser automation. Use when user needs web testing/scraping capabilities.

Python testing framework for writing simple, scalable, and powerful tests

Interactive question workflow for clarifying unclear or ambiguous tasks. Use when user requests are vague, lack specifications, have multiple valid implementation approaches, or require architectural decisions. Triggers on requests like "add authentication", "build a dashboard", "optimize the database", or any task where requirements are incomplete or implementation details are missing.

Create and optimize Dockerfiles with BuildKit, multi-stage builds, advanced caching, and security. Use when: (1) Creating new Dockerfile, (2) Optimizing existing Dockerfile, (3) Reducing image size, (4) Improving security, (5) Using Python with uv, (6) Resolving cache or slow build issues, (7) Setting up CI/CD builds

Create and maintain Playwright E2E tests following project patterns. Use when adding new tests, debugging test failures, or understanding test structure.

Review Dockerfiles for best practices, security, and optimization. Use when the user says "review Dockerfile", "optimize image", "Dockerfile best practices", "reduce image size", or asks to audit a container build.

Analyzes network protocol implementations to identify parsing vulnerabilities, state machine issues, and protocol-level security problems. Use when analyzing network servers, protocol handlers, or investigating protocol implementation bugs.

System 테스트 작성 및 실행. pytest 기반, docker-compose.acceptance.yml 필수, 4단계 순서(infra→component→integration→scenarios). 네이밍 test_{대상}_{시나리오}_{예상결과}. poetry run pytest system-tests/ 실행. Fail Fast - 모든 응답 필드/타입/에러 엄격 검증, 예상외 필드/부작용은 실패 처리.

Configuring MCP Servers & Plugins for Claude Code. Set up Model Context Protocol servers (GitHub, Filesystem, Brave Search, SQLite). Configure OAuth, manage permissions, validate MCP structure. Use when integrating external tools, APIs, or expanding Claude Code capabilities.

Control Chrome browser through MCP for testing, debugging, network analysis, and performance profiling. Use when testing web apps, measuring Core Web Vitals, analyzing network requests, debugging console errors, or when the user mentions Chrome DevTools, performance traces, or browser automation.

Use when adding packages, bumping versions, or responding to security alerts. Enforces supply chain security and vulnerability remediation.

Use when implementing features, fixing bugs, or making code changes. Ensures scope is defined before coding, then enforces RED → GREEN → REFACTOR test discipline. Triggers: 'implement', 'add', 'build', 'create', 'fix', 'change', 'feature', 'bug'.

Run automated accessibility tests on URLs or HTML content using axe-core engine to WCAG 2.2 AA standards, then format findings as standardized issue reports. Use this skill when users want to test website accessibility, find WCAG violations, audit pages for accessibility issues, check if sites are accessible, analyze HTML for accessibility problems, or create accessibility issue tickets. Triggers on requests like "test accessibility", "check for WCAG violations", "audit this URL", "is this page accessible", "find accessibility issues", or "write accessibility issues".

Android動的解析（DAST）。Frida、Objection、Drozerによるランタイム分析、SSL Pinningバイパス、通信傍受、メモリ解析。root端末またはエミュレータが必要。Triggers on: Frida, Objection, Drozer, dynamic analysis, runtime analysis, SSL pinning bypass, hook, instrumentation, memory dump, traffic interception.

Diagnose and recover from unexpected test behavior during TDD

This skill provides comprehensive knowledge for building applications with Cloudflare Sandboxes SDK, which enables secure, isolated code execution in full Linux containers at the edge. It should be used when executing untrusted code, running Python/Node.js scripts, performing git operations, building AI code execution systems, creating interactive development environments, or implementing CI/CD workflows that require full OS capabilities.Use when: Setting up Cloudflare Sandboxes, executing Python/Node.js code safely, managing stateful development environments, implementing AI code interpreters, running shell commands in isolation, handling git repositories programmatically, building chat-based coding agents, creating temporary build environments, processing files with system tools (ffmpeg, imagemagick, etc.), or when encountering issues with container lifecycle, session management, or state persistence.Keywords: cloudflare sandbox, container execution, code execution, isolated environment, durable objects