測試與安全

Run and manage functional tests (unit, integration, E2E, mutation). Use when running tests, debugging test failures, ensuring test coverage, or fixing mutation testing issues. Covers PHPUnit, Behat, and Infection. For K6 load/performance tests, use the load-testing skill instead.

Validate Laravel database configuration and test actual connections. Use when user reports "database connection error", "hosts array is empty", "could not connect to database", or wants to verify database setup is correct.

Build Kubernetes-native CLIs in Go with type safety, testability, and complex orchestration logic for deployment tools and cluster automation.

Automatically generates comprehensive test suites (unit, integration, E2E) based on code and past testing patterns. Use when user says "write tests", "test this", "add coverage", or after fixing bugs to create regression tests. Eliminates testing friction for ADHD users.

Node.js server development patterns including async patterns, error handling, and security best practices.

Stop the Android app running on connected device. Cleanly terminates the app using force-stop. Use when stopping the app for debugging, testing, or cleanup.

Production-ready code implementation following approved designs. Writes clean,tested, documented code. Zero linting violations. All code includes tests.

Analyzes performance benchmarks from CUDA, CPU, memory tests. Parses output, identifies bottlenecks, tracks metrics over time, generates optimization insights.

Hook creation and management system for React, Vue, and other frameworks with automated hook generation, testing, and documentation.

Default testing standard for all implementation work - ensures code actually works through mandatory execution validation before confirming to user. Applies automatically whenever writing, modifying, debugging, or implementing any code (scripts, APIs, UI, configs, data operations, logic changes). This is the baseline expectation, not an optional extra - every implementation must be verified through actual execution, not assumed correct.

Set up and improve WebF app tests with Vitest and React Testing Library. Use when the user mentions Vitest, React Testing Library, unit tests, component tests, “testing trophy”, or asks to add/fix tests in a Vite/React/TS WebF app.

Optimizes token usage and context management for large tasks, cleanup operations, multi-step workflows, code audits, and complex agent operations. Automatically triggers when handling cleanup commands, large codebase analysis, multi-file operations, or tasks requiring multiple subagents. Enforces efficient context usage while maintaining quality results.

Perform comprehensive dead code and clean-up analysis in Python projects using static analysis, coverage, dependency checks, and security scanning. Use when asked to clean up code, find unused code, analyze dependencies, or improve code quality.

Debug CSRF token issues and authentication problems including 403 Forbidden errors, cookie issues, JWT tokens, OAuth flows, and session management. Use when troubleshooting CSRF verification failed, 403 errors on POST requests, login not working, or token refresh issues.

Clerk modern authentication specialist covering WebAuthn, passkeys, passwordless, and beautiful UI components. Use when implementing modern auth with great UX.

Create functional test for HTTP controllers and LiveComponents. Use when testing web endpoints, form submissions, API responses, or LiveComponent interactions. Tests make HTTP requests and verify responses/DOM.

Padrões e boas práticas para testes de software

Use when you want to capture project-specific patterns as reusable skills - generates custom skills based on codebase patterns, common workflows, and team conventions discovered during analysis. Creates skills for patterns, testing, deployment, debugging, and setup. Do NOT use for generic skills that would work across any project - those belong in popkit core, not project-specific generation.

Production-ready authentication system using Better Auth v2 with latest features. Includes OAuth providers, advanced RBAC, multi-tenant support, and security best practices.

Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.