Testing & Security

Run SonarQube/SonarCloud static code analysis to check code quality, detect security vulnerabilities, code smells, and bugs. Use when the user mentions SonarQube, code quality analysis, security scanning, static analysis, or wants to check for vulnerabilities.

Systematic debugging workflow to reproduce, isolate, and fix hard software bugs, resolve related lint issues, and add tests and guardrails to prevent regressions. This skill should be used for complex bugs that teams struggle to fix, flaky/intermittent failures, production-only bugs, and environment-specific issues where code changes must be lint-clean.

WHEN: Spring Boot code review, DI patterns, @Transactional, REST API design, security configurationWHAT: Dependency injection + Transaction management + API design + Security config + JPA patternsWHEN NOT: Kotlin Spring → kotlin-spring-reviewer, Pure Java → java-reviewer, Django/FastAPI → respective reviewers

Creates assessments with varied question types (MCQ, code-completion, debugging, projects) alignedto learning objectives with meaningful distractors based on common misconceptions. Activate wheneducators design quizzes, exams, or tests measuring understanding; need questions at appropriatecognitive levels (Bloom's taxonomy); want balanced cognitive distribution (60%+ non-recall); orrequire rubrics for open-ended questions. Generates MCQs with diagnostic distractors, code-writingprompts, debugging challenges, and project-based assessments targeting deep understanding.

Application security patterns and best practices. Use when implementing authentication, authorization, input validation, secrets management, OWASP protections, or security hardening.

MCP 기반 종합 품질 검수 - Playwright E2E, 콘솔 오류, 반응형, 접근성, 성능 (200점 만점)

Generate Jest configuration files for JavaScript/TypeScript testing with coverage, mocking, and environment-specific settings. Triggers on "create jest config", "generate jest.config", "jest configuration for", "testing config".

Modern API development patterns for building high-performance, scalable web services. Expert in async/await patterns, REST/GraphQL APIs, middleware, error handling, rate limiting, OpenAPI documentation, testing, and production optimizations. Framework-agnostic patterns that work with Python, Node.js, Go, and other languages.

Systematic error resolution with priority-based triage preventing cascade failures. Build→Types→Unused→Async→Logic→Tests priority order, TYPE_SAFETY_THEATER detection, proven from B2 validation work. Use when resolving errors, CI failures, cascade detection, type safety violations. Triggers on error resolution, CI failures, systematic error fixing, cascade detection, type safety theater, build errors, type errors, validation theater.

Evaluate browser screenshots and page state for errors. Use when verifying features work correctly, detecting error conditions, or validating UI state during browser testing.

CUI Java unit testing standards and patterns with JUnit 5, generators, and value object testing

Ink.js (React for CLI) design and implementation guide.Use when:(1) Creating or modifying Ink.js components(2) Implementing Ink-specific hooks (useInput, useApp, useFocus)(3) Handling emoji/icon width issues (string-width workarounds)(4) Building terminal-responsive layouts(5) Managing multi-screen navigation(6) Implementing animations (spinners, progress bars)(7) Optimizing performance (React.memo, useMemo)(8) Handling keyboard input and shortcuts(9) Testing CLI UI (ink-testing-library)

Validates output-style persona definitions, behavior specifications, and keep-coding-instructions decisions. Use when reviewing, auditing, or improving output-styles, checking persona clarity, validating behavior concreteness, assessing coding-instructions appropriateness, or verifying scope alignment (user vs project). Also triggers when user asks about output-style best practices, wants to improve style effectiveness, or needs help with persona definition.

Use when you need to research, analyze, and plan technical solutions that are scalable, secure, and maintainable.

Autonomous UI inspection using a dual channel: (1) visual screenshots via Playwright MCP tools, (2) numeric layout metrics via Puppeteer scripts. Includes server --check standardization so agents can start/stop reliably.

Complete domain hosting setup workflow combining Plesk, Cloudflare, Let's Encrypt, and GitHub Actions deployment. Use when setting up a new domain from scratch, including DNS configuration, SSL certificates, and automated deployment pipelines. Orchestrates plesk-domain-setup, cloudflare-domain-setup, and github-actions-deploy skills.

Dual-mode workflow issue logger. Use with mode=log to append mistakes during waves. Use with mode=summary at workflow end to review accumulated issues. Use when completing /build, /audit, or /ms workflows.

Use this skill whenever the user wants to design, implement, or refactor authentication and authorization in a NestJS TypeScript backend, including JWT, sessions, refresh tokens, guards, roles/permissions, and integration with modules/services/controllers.

Use when implementation is complete, all tests pass, and you need to decide how to integrate the work - guides completion of development work by presenting structured options for merge, PR, or cleanup

Security audit for vulnerabilities, compliance issues, and sensitive data exposure. Use before production deployments or when reviewing security-sensitive code.