測試與安全

Analyze C++ code for real-time safety violations including heap allocations, locks, blocking calls, and unbounded operations in audio threads.

Deploys Apache Kafka on Kubernetes using the Strimzi operator with KRaft mode.Use when setting up Kafka for event-driven microservices, message queuing, or pub/sub patterns.Covers operator installation, cluster creation, topic management, and producer/consumer testing.NOT when using managed Kafka (Confluent Cloud, MSK) or local development without K8s.

Enforce test quality and prevent implementation shortcuts when writing or modifying code. Use when implementing features, fixing bugs, or refactoring code. Prevents test tampering (FP-1) and implementation shortcuts (FP-2).

This skill should be used when reviewing, auditing, or improving existing Claude Code skills to ensure they follow Anthropic best practices, have proper structure, use current domain-specific patterns, and include all necessary resources. It analyzes skill quality, identifies gaps, suggests improvements, and can automatically enhance skills with updated best practices. Trigger terms include review skill, audit skill, improve skill, enhance skill, update skill, check skill quality, skill best practices, fix skill, optimize skill, validate skill structure.

Comprehensive API security for REST, GraphQL, and gRPC services with OAuth 2.1 authentication, JWT validation, rate limiting, and enterprise protection patterns.

Document placement rules, visibility protocols, and timeline test (before-code vs after-code). Defines where documentation belongs (dev/docs/ vs coordination/), documentation-first PR protocol, and phase artifact placement. Critical for documentation organization and visibility.

Use when exploring Python project structure, finding virtualenv paths (python/pip/pytest), or locating package metadata (name, version, pyproject.toml).

Deep security analysis with high reasoning effort for threat detection

Generate two distinct, AI-powered image variations for advertising campaigns using Google Gemini's image generation capabilities. Use when creating visual assets for ads based on campaign parameters and research insights. Triggers on requests to generate ad images, create visual assets, produce image variations for A/B testing, or develop platform-specific ad visuals.

Use when writing or changing tests, adding mocks, or tempted to add test-only methods to production code - prevents testing mock behavior, production pollution with test-only methods, and mocking without understanding dependencies

Use this when user requests code review, pull request analysis, or quality assessment. Provides systematic 6-category checklist: functionality, security (OWASP), code quality (SOLID), performance, testing, and maintainability. Apply for PR reviews, security audits, or teaching code quality principles

Use when testing Nango syncs locally - runs dry-run command with proper parameters for integration testing without affecting production data

AWS infrastructure patterns and best practices for Terraform. Provides VPC, IAM, S3, and security group scaffolds. Use when developing AWS infrastructure.

Thorough code review for Rust/WebAssembly projects. Identifies bugs, securityissues, performance problems, and maintainability concerns. Provides actionablefeedback with specific suggestions.

Designs, implements, and deploys Microsoft 365 Copilot agents using TypeSpec and ATK CLI. Provides architectural guidance, capability configuration, security patterns, and lifecycle management. Use when developing M365 Copilot agents, working with TypeSpec, or managing agent deployments. For creating new projects, use the m365-agent-scaffolder skill.

Playwright end-to-end testing patterns including page object models, test scenarios, visual regression, and CI/CD integration. Use when building E2E tests, testing web applications, automating browser interactions, implementing page objects, running Playwright tests, debugging E2E failures, or when user mentions Playwright, E2E, browser automation, page object model, POM, visual regression, or end-to-end testing.

Implement feature steps using git worktrees, build and test adaptively, update implementation plan, and generate test plans. This skill should be used when ready to implement one or more steps from an implementation plan, automatically adapting to any framework, language, or project structure.

Manage environment variables securely. Handles distinction between .env (template) and .env.local (secrets).

Core Python development skill for scripts, utilities, and general Python code. Covers uv package management, script dependencies, project setup, and coding standards. Use for Python file creation, running scripts, dependency management, or general Python tasks. For web APIs and servers, see python-backend skill. For testing, see python-testing skill.

Pattern for client components calling server actions to set cookies in Next.js. Covers the two-file pattern of a client component with user interaction (onClick, form submission) that calls a server action to modify cookies. Use when building features like authentication, preferences, or session management where client-side triggers need to set/modify server-side cookies.