測試與安全

Safe minor dependency updates with validation (lint/test/build) and automatic rollback on failure.

Use when deploying or managing Kubernetes workloads requiring cluster configuration, security hardening, or troubleshooting. Invoke for Helm charts, RBAC policies, NetworkPolicies, storage configuration, performance optimization. Keywords: Kubernetes, K8s, kubectl, Helm, RBAC, NetworkPolicy.

Use when building Spring Boot 3.x applications, microservices, or reactive Java applications. Invoke for Spring Data JPA, Spring Security 6, WebFlux, Spring Cloud integration. Keywords: Spring Boot, Spring Framework, Spring Cloud, WebFlux, microservices.

Shared configuration patterns for project setup commands. Provides security hooks, Claude framework structure templates, and framework detection patterns used across multiple setup commands.

Specialized QA testing for morphir-dotnet. Use when user asks to create test plans, run tests, validate packages, report bugs, perform regression testing, or verify PR completion. Triggers include "test plan", "QA", "regression", "validate", "bug report", "test this", "verify implementation".

Provides guidance and utilities for securely accessing the Codante Frontend production server via SSH. Use this when you need to connect to the production server, run commands, check logs, manage pm2 processes, troubleshoot issues, or verify deployments.

Generates and improves tests following TDD principles. Activates when new features are implemented, test coverage is low, or user requests tests. Ensures comprehensive test coverage with unit, integration, and edge case tests.

Build ChatGPT Apps using the Apps SDK and MCP. Use when users want to:(1) Evaluate if their product should become a ChatGPT App(2) Design and implement MCP servers with widgets(3) Test apps locally and in ChatGPT(4) Prepare for App Store submissionTriggers: "ChatGPT app", "Apps SDK", "build for ChatGPT","ChatGPT integration", "MCP server for ChatGPT", "submit to ChatGPT"

Use when implementing infrastructure as code with Terraform across AWS, Azure, or GCP. Invoke for module development, state management, provider configuration, multi-environment workflows, infrastructure testing. Keywords: Terraform, IaC, terraform module, state, AWS provider, Azure provider, GCP provider.

Security vulnerability analysis to detect hardcoded secrets, dangerous patterns, and unsafe code practices.

Use when building Python 3.11+ applications requiring type safety, async programming, or production-grade patterns. Invoke for type hints, pytest, async/await, dataclasses, mypy configuration. Keywords: Python, typing, async, pytest, dataclasses.

Specialized CVE and vulnerability management for morphir-dotnet. Use when user asks to scan for vulnerabilities, fix CVEs, suppress false positives, review security reports, or manage dependency-check. Triggers include "CVE", "vulnerability", "security scan", "dependency-check", "suppress", "false positive", "CVSS", "security fix".

JavaScript/ES6+ coding standards following Airbnb guidelines, modern patterns, React best practices, and comprehensive Jest testing. Use for JavaScript projects requiring clean, maintainable, production-ready code with modern tooling.

Comprehensive evaluation toolkit for analyzing Claude skills across security, quality, utility, and compliance dimensions. This skill should be used when users need to evaluate a skill before installation, review before publishing, or assess overall quality and safety. Performs 5-layer security analysis, validates structure and documentation, checks compliance with skill-creator guidelines, and generates markdown reports with scoring and recommendations.

Test skill demonstrating progressive file loading with multiple resources

Master Rust's ownership system, type safety, and zero-cost abstractions for building safe, concurrent, and performant systems. Covers borrowing, lifetimes, traits, error handling, async/await, and testing patterns.

Authentication security standards covering OAuth2 flows (authorization code, PKCE), JWT best practices (RS256, expiration), MFA (TOTP, WebAuthn), session management, and NIST 800-63B compliance for production systems

Review code for best practices, bugs, security issues, and improvements. Use when reviewing code, checking PRs, or analyzing code quality.

Performance testing standards for load, stress, spike, and soak testing. Covers k6 and JMeter implementation, SLI/SLO definitions, CI/CD integration, and bottleneck analysis. Use when validating system behavior under load, establishing baselines, or capacity planning.

Analyzes HTTP security headers for a given URL and provides a comprehensive security score. Checks for critical headers like HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. Returns detailed scoring and recommendations.