Testing & Security

A comprehensive security middleware system for Next.js 13+ App Router API routes that provides authentication, rate limiting, CSRF protection, audit logging, and security headers in a composable, production-ready pattern. Use when building secure Next.js APIs that need protection against common web vulnerabilities.

Develop and maintain Convex backend functions including queries, mutations, and actions. Use when working with database operations, authentication, game management, scoring logic, and real-time data updates in the dev-quiz-battle app.

Get code review from Codex AI for implementation quality, bug detection, and best practices. Use when asked to review code, check for bugs, find security issues, or get feedback on implementation patterns.

Expert iOS App Store submission and approval system. 9 specialized agents providing senior App Review Team-level expertise across compliance, design, privacy, monetization, metadata, technical requirements, timing, rejection recovery, and learning. Triggers on keywords like app store, iOS submission, apple review, app rejection, aso, privacy manifest, privacy labels, ATT, iap, in-app purchase, subscription, storekit, review guidelines, HIG, testflight, app store connect.

HashiCorp Vault operations including secrets engines (KV, AWS, Azure, GCP, Database, PKI), auth methods (Token, AppRole, Kubernetes, OIDC, AWS), policies and ACLs, dynamic credentials, secret rotation, Terraform integration, agent sidecar patterns, audit logging, high availability, and disaster recovery. Activate for Vault secret management, credentials automation, and security configuration.

Write comprehensive unit tests for Visual Layout Builder using Vitest. Use when creating tests for lib/ functions, schema validation, canvas utilities, or any business logic. Follows AAA pattern and project testing conventions.

Schedule recurring background tasks in rwsdk/Cloudflare Workers - cron syntax, setup, local testing, and patterns for cleanup, metrics, billing, and maintenance

Expert Golang senior/lead developer dengan 20+ tahun pengalaman. Gunakan skill ini ketika bekerja dengan Go/Golang projects untuk membuat kode clean, maintainable, scalable, struktur folder production-grade, Docker containerization, debugging, mendeteksi celah crash/bug/race condition, code review standar senior engineer, testing strategies, performance optimization, dan library selection battle-tested. Trigger keywords include golang, go, docker, microservice, api, backend, clean code, refactor, debugging.

Agent SDK development utilities for creating, testing, and managing AI agents with comprehensive tooling and debugging capabilities.

Guide experienced developers through RED phase of TDD cycle - writing failing tests

Data quality testing with dbt tests, Great Expectations, and monitoring.

Comprehensive Ruby development skill covering language fundamentals, object-oriented design patterns, error handling strategies, performance optimization, modern Ruby 3.x features (pattern matching, ractors, typed Ruby), testing patterns, metaprogramming, concurrency, and Rails-specific best practices. Use when writing Ruby code, refactoring, implementing design patterns, handling exceptions, optimizing performance, writing tests, or applying Ruby idioms and conventions.

Comprehensive Azure DevOps REST API skill for work items, pipelines, repos, test plans, wikis, and search operations via MCP tools and direct API calls

Generate SEO-optimized code snippets for websites. Use when asked to optimize SEO, generate meta tags, create structured data (JSON-LD/schema.org), fix heading hierarchy, or audit page SEO. Outputs implementation-ready code for handoff to developers. Supports multilingual sites (Ukrainian/English) and industry-specific schemas for construction equipment, aquaculture, and engineering services.

Write Playwright behavior tests (.spec.ts) that verify complete user workflows. Use when creating end-to-end tests for behaviors based on their specifications with Act:/Check: steps. Triggers on "write a behavior test", "create a spec test", or "test this behavior".

Run security scans locally (Semgrep, Trivy, Gitleaks) to detect vulnerabilities, secrets, and code issues before pushing. Use when the user wants to check for security issues, scan dependencies, or validate code security.

A Claude Code skill for detecting flaky test patterns that cause intermittent CI failures.

Ensure environment variables for Talk-To-My-Lawyer are present, scoped correctly (server vs client), and synced across local env files and Vercel. Use when adding, auditing, or debugging env variables, or preparing deployments.

Breaks cryptographic systems and decrypts ciphertext. Use when working with RSA, AES, XOR, classical ciphers, hash functions, or when challenge involves encryption, decryption, keys, or mathematical crypto attacks.

Use this skill when analyzing EnergyPlus IDF building energy models, including QA/QC validation, HVAC topology analysis, ECM testing, or running simulations. Supports fast validation without Docker (direct parsing) and comprehensive analysis with MCP tools when needed. Handles Windows path formats, environment detection, and intelligent method selection. (project)