Testing & Security

Backtest results interpreter and strategy evaluator. Analyzes historical backtest performance, identifies strengths/weaknesses, and provides actionable recommendations for strategy improvement.

AI-powered PR Author Agent that transforms Observability Diff Plans into Pull Requests. Use when: (1) Generating instrumentation code from Scout Agent output, (2) Creating OTel configuration, correlation headers, lineage specs, (3) Scaffolding telemetry validation tests, (4) Creating GitHub/GitLab PRs with observability artifacts. Triggers: "generate PR from diff plan", "create instrumentation PR", "scaffold observability code", "generate OTel config".

Set up MetaMask wallet extension for Web3 DApp testing - download extension, import wallet from private key. Run at test start if tests/config.yaml has web3.enabled=true.

Add Better Auth signup/signin, personalize chapter content, and persist user preferences. Use when implementing authentication, user sessions, or personalized content delivery.

Ensures all file operations occur in the correct worktree directory to prevent accidental changes to the wrong codebase. Use when implementing, reviewing, testing, or documenting code in worktree-based development workflows.

Production-grade accessibility skill for WCAG 2.2 AA compliance.Covers auditing, remediation, component authoring, and validation workflows.Auto-invoked for UI implementation, a11y fixes, and accessibility testing.

Secretless authentication to cloud providers using OpenID Connect federation. GCP, Azure, and cloud-agnostic examples with subject claim patterns and trust policies.

Essential fuzzing payloads: SQL injection, command injection, special characters. Curated essentials for vulnerability testing.

Weaves custom Skills for Claude following official best practices including proper structure, metadata, progressive disclosure, and security guidelines. Use when creating new skills, building custom workflows, or when user mentions skill creation, skill development, custom skill authoring, weaving skills, or crafting skills.

Capture screenshots of windows or monitors. Use this skill when you need to take a screenshot for testing, debugging, or documentation purposes. Supports cross-virtual-desktop capture and annotation.

Security patterns for input validation, PII protection, and cryptographic operations

项目配置文件管理工具，支持多环境配置（dev/test/prod）、环境变量管理、配置模板生成。支持YAML、JSON、ENV等格式转换，包含敏感信息加密和配置验证。适用于配置管理、环境变量、生成配置、环境配置等场景。

Adds comprehensive accessibility testing to CI/CD pipelines using axe-core Playwright integration or pa11y-ci. Automatically generates markdown reports for pull requests showing WCAG violations with severity levels, affected elements, and remediation guidance. This skill should be used when implementing accessibility CI checks, adding a11y tests to pipelines, generating accessibility reports, enforcing WCAG compliance, automating accessibility scans, or setting up PR accessibility gates. Trigger terms include a11y ci, accessibility pipeline, wcag ci, axe-core ci, pa11y ci, accessibility reports, a11y automation, accessibility gate, compliance check.

Complete guide for Cloudflare Email Routing covering both Email Workers (receiving emails) and Send Email bindings (sending emails from Workers).Use when: setting up email routing, creating email workers, processing incoming emails, sending emails from Workers, implementing email allowlists/blocklists, forwarding emails with custom logic, replying to emails automatically, parsing email content, configuring MX records for email, troubleshooting email delivery issues, or encountering email worker errors.Prevents 8 documented issues: "Email Trigger not available" errors, destination address verification bugs, Gmail rate limiting, SPF permerror issues, worker call failures, test event loading issues, activity log discrepancies, and limited debugging on free plans.Keywords: Cloudflare Email Routing, Email Workers, send email, receive email, email forwarding, email allowlist, email blocklist, postal-mime, mimetext, cloudflare:email, EmailMessage, ForwardableEmailMessage, EmailEvent, MX records, SPF, DKIM, ema

Framework for capturing, storing, and comparing AI evaluations to measure consistency and completeness.Use when: comparing reviews, measuring evaluation quality, running reproducibility tests,auditing AI outputs, validating findings across runs.Triggers: "compare evaluations", "measure consistency", "evaluation framework", "reproducible review","compare reviews", "validate findings", "audit evaluation".

Playwright testing with autonomous test agents (planner, generator, healer) and visual regression testing

Systematic refactoring with small-step discipline. Use when user says 'refactor', 'clean up', 'restructure', 'extract', 'rename', 'simplify', or mentions code smells. Enforces one change → test → commit cycle. For structural improvements, NOT style/formatting (use /lint). NOT for adding features or fixing bugs.

Code Entropy Auditing for detecting systemic issues in legacy code, diff/increment audit, and architecture/spec audit.

S16Z PMS shared library development skill. Use when creating or maintaining shared libraries in the libs/ directory. Covers configuration management with registerAs, DTO validation with class-transformer, HTTP client patterns with BaseHttpClient, Prisma transaction handling, and testing strategies. Triggers when working with libs/ directory, creating new libraries, implementing API clients, or setting up shared services.

Senior FDA consultant and specialist for medical device companies including HIPAA compliance and requirement management. Provides FDA pathway expertise, QSR compliance, cybersecurity guidance, and regulatory submission support. Use for FDA submission planning, QSR compliance assessments, HIPAA evaluations, and FDA regulatory strategy development.