Claude Skills

This skill performs mutation testing to evaluate test suite quality by introducing code mutations and checking if tests detect them. It calculates a mutation survival rate to reveal test coverage gaps and effectiveness. Use it when developers need to assess test robustness using terms like "mutation testing" or "mutation score".

This skill automates mobile app testing for iOS and Android using frameworks like Appium, Detox, XCUITest, and Espresso. It generates end-to-end tests, creates page object models, and handles platform-specific elements. Use it when you need to set up automated testing, configure device farms, or work with mobile testing frameworks.

This skill enables Claude to test load balancing configurations using the `load-balancer-tester` plugin. It validates traffic distribution, tests failover scenarios, verifies sticky sessions, and assesses health check functionality. Use it when a developer asks to test a load balancer, validate traffic distribution, or check failover behavior.

This skill enables Claude to run and manage integration test suites for your project. It automates environment setup, database operations (creation, migrations, seeding), and service orchestration. Use it when you need to execute integration tests, specify particular suites, or include options like code coverage.

This skill generates end-to-end tests for web applications using Playwright, Cypress, or Selenium. It automates browser interactions to validate critical user workflows like login, registration, and shopping cart processes. Use it when you need to create comprehensive E2E tests or perform cross-browser and responsive testing.

The managing-database-testing skill helps developers create robust database tests by generating realistic test data, wrapping tests in transactions for automatic rollback, and validating database schemas. Use this skill when you need database testing utilities for test data factories, transaction management, or schema validation. Trigger it by mentioning "database testing" or using the `/db-test` command.

This skill validates API contracts through Pact-based consumer-driven testing and OpenAPI specification validation. It helps ensure API providers meet consumer expectations and maintain backward compatibility by identifying breaking changes. Use it when generating contract tests, validating API responses, or checking compliance using terms like Pact, OpenAPI validation, or contract-test.

This skill enables Claude to design and execute chaos engineering experiments to test system resilience, including failure injection and resource exhaustion. It is triggered by discussions of GameDays, resilience testing, or validating recovery mechanisms. The skill leverages tools like Chaos Mesh and AWS FIS to simulate real-world failures and assess system behavior.

This skill automates cross-browser compatibility testing for web applications using tools like BrowserStack, Selenium Grid, or Playwright. It tests across Chrome, Firefox, Safari, and Edge to identify browser-specific bugs and ensure consistent functionality. Use it via the `/browser-test` command to generate a detailed report with compatibility issues and visual screenshots.

The fuzzing-apis skill enables Claude to automatically perform security fuzz testing on REST APIs using malformed inputs and boundary values. It helps identify vulnerabilities like SQL injection, XSS, and input validation failures through comprehensive test suites. Developers can invoke this skill with the `/fuzz-api` command when they need vulnerability scanning or security analysis of their APIs.

This skill enables automated vulnerability scanning for codebases using the vulnerability-scanner plugin. It identifies security issues through static code analysis, dependency checking for CVEs, and configuration analysis. Use it when developers need to scan for vulnerabilities, security flaws, or CVEs in their projects.

This skill enables Claude to detect SQL injection vulnerabilities in codebases using the sql-injection-detector plugin. It analyzes code to identify potential SQL injection flaws and provides remediation guidance. Use this skill when you need to scan for SQLi risks or check code for injection vulnerabilities.

This skill automates SOC2 audit preparation by using the soc2-audit-helper plugin to gather evidence, generate reports, and identify compliance gaps. It's designed for developers needing help with initial SOC2 compliance stages, particularly for tasks like evidence collection and preliminary analysis. Use it when users request assistance with SOC2 audits, compliance checks, or security controls documentation.

This skill enables Claude to identify security misconfigurations in infrastructure-as-code, application configs, and system settings using a dedicated plugin. Use it when you need to audit configurations, check for vulnerabilities, or perform security assessments. It helps pinpoint common security weaknesses and compliance issues for remediation.

This skill helps developers handle security incidents by guiding them through the entire response lifecycle. It assists with classifying incidents, creating response playbooks, collecting evidence, and generating remediation steps. Use it when responding to security breaches, ransomware, DDoS attacks, or when using terms like "containment" or "incident response plan."

This skill automatically analyzes HTTP security headers for any provided domain to identify vulnerabilities and misconfigurations. It generates comprehensive reports with security grades, scores, and actionable improvement recommendations. Developers should use it when performing security audits or checking website security posture through Claude.

This skill enables Claude to generate comprehensive security audit and vulnerability assessment reports. It analyzes security data to identify vulnerabilities, assess compliance status, and provide recommended remediation steps. Use it via the `/audit-report` command when you need to evaluate an application's security posture or create a remediation roadmap.

This skill scans your codebase to detect exposed secrets like API keys and passwords using pattern matching and entropy analysis. It helps developers proactively identify security vulnerabilities before committing code or deploying to production. Use it when you need to find and remediate credentials accidentally left in your code.

This skill automatically scans your code for security vulnerabilities based on the OWASP Top 10 (2021) list. It provides a detailed analysis of compliance gaps and remediation guidance to help you identify and fix security issues. Use it to audit your application's security, generate compliance reports, or before a security review.

This skill automatically scans codebases, infrastructure, and documentation for HIPAA compliance issues using the hipaa-compliance-checker plugin. It identifies potential violations related to data privacy, security controls, and protected health information (PHI). Use it when explicitly requested to check compliance, scan for violations, or assess HIPAA readiness in projects handling PHI.

This skill enables Claude to encrypt and decrypt data using various algorithms from the encryption-tool plugin. It should be used for securing sensitive information, handling file encryption/decryption, or generating encrypted files. The skill supports multiple encryption methods to ensure data confidentiality.

This skill analyzes project dependencies for security vulnerabilities, outdated packages, and license compliance issues. It helps developers identify potential risks in their dependencies using the dependency-checker plugin. The skill supports popular package managers including npm, pip, composer, gem, and Go modules.

This skill identifies CSRF vulnerabilities in web applications by validating protection mechanisms like synchronizer tokens, SameSite attributes, and origin validation. Use it to analyze your application's security posture against CSRF attacks when prompted to test or check CSRF protection.

This skill enables Claude to validate Cross-Origin Resource Sharing (CORS) policies to identify security vulnerabilities and misconfigurations. Use it when you need to check CORS configurations, analyze headers, or assess CORS security. It helps ensure proper implementation to prevent unauthorized cross-origin requests and protect sensitive data.