Testing & Security

Manage SSL/TLS certificates and diagnose certificate issues. Use when the user says "cert expiring", "SSL error", "certificate problem", "renew certificate", "check certificate", "HTTPS not working", or asks about TLS/SSL.

Develop, test, and register PMC workflows.Workflows are JSON state machines for Claude CLI, shell, sub-workflows.WORKFLOW:1. DEFINE - Create workflow JSON with states, transitions2. VALIDATE - pmc validate <workflow.json>3. MOCK - Create mock scripts for each state4. TEST MOCK - pmc run --mock to test transitions5. TEST REAL - pmc run with real data6. REGISTER - Add to registry.jsonUse when:- User says "create workflow", "new workflow", "automate"- Automating repetitive multi-step processes- Building CI/CD or development pipelines

Standards for security documentation and writeups

Make security mandatory through automation. Branch protection, pre-commit hooks, status checks, policy-as-code, and SLSA provenance for SOC 2 compliance.

PROACTIVELY invoke this skill when the user asks to "debug this", "review my code", "refactor this file", or "security audit". Unified engineering capabilities for debugging, code review, refactoring, and testing.

Coordinate planning, auditing, and validation workflows. Use when the user mentions plan/planning, audit/auditing, review, or validation for engineering, data, or pipeline work.

Triggering and managing AI reflection cycles in StickerNest. Use when the user wants to run AI evaluation, trigger reflection, check AI quality, improve AI prompts, analyze AI performance, or audit AI generations. Covers reflection triggers, evaluation analysis, and improvement actions.

Audit Makefiles for duplication, portability, and idiomatic GNU Make usage.

Send and draft professional emails with seasonal HTML formatting, authentic writing style, contact lookup via Google Contacts, security-first approach, and Google Gmail API via Ruby CLI. This skill should be used for ALL email operations (mandatory per RULES.md).

WHEN: Spring Boot + Kotlin, Ktor backend review, coroutine-based server, WebFlux/R2DBC pattern checksWHAT: Spring Kotlin idioms + Coroutines integration + WebFlux patterns + Data class usage + Test strategiesWHEN NOT: Android → kotlin-android-reviewer, KMP shared code → kotlin-multiplatform-reviewer

Use when implementing any feature or bugfix, before writing implementation code - write the test first, watch it fail, write minimal code to pass; ensures tests actually verify behavior by requiring failure first

Save backtest results to SQLite database for comparison. Trigger when: (1) tracking backtest history, (2) comparing model performance, (3) querying best backtests.

Authentication and authorization including JWT, OAuth2, OIDC, sessions, RBAC, and security analysis. Activate for login, auth flows, security audits, threat modeling, access control, and identity management.

Interactive API testing tool for the Kindle notes backend. Tests endpoints with intelligent data checking, minimal test data creation, and timing metrics.

Complete guide for working with GitHub Projects (v2) REST API for kanban board operations. Covers authentication, item management, field operations, status updates, and practical patterns for project automation.

Develop Notion templates and databases using Notion MCP tools in Claude Code. Orchestrates escape room design skills (narrative-architect, puzzle-designer, formula-master, localizer, playtester) and implements their output via Notion MCP API. Use when creating Notion templates, building databases, implementing game mechanics, or managing complex multi-step Notion development workflows. Handles rate limits, session persistence via Serena MCP, and iterative development cycles.

Testing patterns including pytest, unittest, mocking, fixtures, and test-driven development. Activate for test writing, coverage analysis, TDD, and quality assurance tasks.

Guide selection and interpretation of statistical hypothesis tests. Use when: (1) Choosing appropriate test for research data, (2) Checking assumptions before analysis, (3) Interpreting test results correctly, (4) Reporting statistical findings, (5) Troubleshooting assumption violations.

Expertise in automated testing, code review practices, and quality standards enforcement. Activates when working with "lint", "test", "review", "coverage", "quality", "standards", or test automation.

Landing page component registry integration for searching, browsing, and pulling pre-built React/TypeScript components from the monet MCP server. Use this skill when users want to (1) search for UI components (hero sections, pricing tables, testimonials, etc.), (2) pull/add components to their project, (3) browse available component categories, (4) get component details or code, or (5) explore the component registry statistics.