Testing & Security

PC application security analyzer for Windows/macOS/Linux executables. Static analysis (SAST) for desktop applications including PE/ELF/Mach-O analysis, dependency scanning, SBOM generation. Integrates with cve-checker and cra-code-reviewer for CRA compliance. Triggers on: PC app analysis, Windows exe, macOS app, Linux binary, PE analysis, ELF analysis, desktop security, SBOM generation, dependency scan.

Performance benchmarking practices using pytest-benchmark. Activated when working with benchmarks, performance testing, or optimization.

Empirical validation workflow for blockchain data collection pipelines before production implementation. Use when validating data sources, testing DuckDB integration, building POC collectors, or verifying complete fetch-to-storage pipelines for blockchain data.

Use this skill when users want to scrape web content and convert it to clean Markdown or PDF. Handles workflows like "Save this webpage as PDF", "Fetch this article", "抓取网页内容", or "转换为PDF". Supports crawl4ai for general web scraping and Playwright-based WeChat (微信公众号) article fetching with anti-bot bypass. Automatically converts to PDF by default unless user specifies Markdown-only.

Implementing WebXR, VR, and AR features for StickerNest's spatial platform. Use when the user asks about VR mode, AR mode, WebXR integration, immersive sessions, XR controllers, hand tracking, hit testing, plane detection, mesh detection, room mapping, spatial anchors, teleportation, XR accessibility, or spatial rendering. Covers @react-three/xr, useSpatialModeStore, XR adapters, room scanning, and intent-based input.

Node.js + Express + TypeScript patterns for FarmGate backend. Use when building API routes, services, middleware, or integrating with CAES authentication.

Four-phase debugging framework that ensures root cause identification before fixes. Use when encountering bugs, test failures, unexpected behavior, or when previous fix attempts failed. Enforces investigate-first discipline ('debug this', 'fix this error', 'test is failing', 'not working').

Guide for implementing Cloudflare Browser Rendering - a headless browser automation API for screenshots, PDFs, web scraping, and testing. Use when automating browsers, taking screenshots, generating PDFs, scraping dynamic content, extracting structured data, or testing web applications. Supports REST API, Workers Bindings (Puppeteer/Playwright), MCP servers, and AI-powered automation. (project)

Security review with blocking authority for critical vulnerabilities

Core test infrastructure patterns for monorepo Vitest setup including global configuration, browser API polyfills, mocking patterns, test cleanup, directory structure, and coverage philosophy. Use when setting up Vitest test infrastructure, configuring test environments, implementing test utilities, or establishing test standards. Triggers on: vitest setup, test configuration, test infrastructure setup, test mocking patterns, test cleanup, test standards, monorepo testing.

This skill provides comprehensive backend REST API integration for Asleep sleep tracking platform. Use this skill when building server-side applications, API proxies for mobile apps, webhook event handlers, cross-platform backends (React Native, Flutter), analytics dashboards, or multi-tenant sleep tracking systems. Covers authentication, user management, session retrieval, statistics, webhook integration, and production-ready patterns with code examples in Python, Node.js, and curl.

Use when encountering any bug, test failure, or unexpected behavior before proposing fixes

Write tests using Vitest and Testing Library. Use when asked to write tests, add test coverage, or test a component/function.

Secure-by-design architecture patterns for Kubernetes. Zero trust, defense in depth, least privilege, and fail-secure patterns with implementation examples and threat models.

Expert knowledge of testing Node.js and Express applications including Jest configuration, Supertest for API testing, unit vs integration vs e2e testing, mocking external APIs, test organization, code coverage, CI/CD integration, and TDD practices. Use when writing tests, setting up testing framework, debugging test failures, or adding test coverage.

Analyzes code diffs to identify affected endpoints and prioritize regression testing. Focuses QA effort on changed areas.

Debug issues in the Second Brain Nuxt 4 + @nuxt/content v3 project. Use for any bug, test failure, or unexpected behavior.

Scan code changes for security vulnerabilities using STRIDE threat modeling, validate findings for exploitability, and output structured results for downstream patch generation. Supports PR review, scheduled scans, and full repository audits.

Testing strategy orchestrator. Use when discussing test types, test order, or choosing how to test something. Auto-apply for general testing questions.

Building commissioning workflows including MBCx procedures, testing protocols, report generation, and energy conservation measure verification following ASHRAE Guideline 0 and NEBB standards