testing
19K
egg-unittest
本技能用于编写 EGG 应用的单元测试。覆盖 HTTP 接口测试、Service/DI 对象测试、Mock 数据模拟、BackgroundTask 和 EventBus 测试。使用 @eggjs/mock、app.httpRequest()、app.getEggObject()、mm() 等 API。
eggjs
testing-security
domain cluster
Testing & Security
QA, penetration testing, and code quality.
9326টি স্কিলall categories
sorting
stars
current ordering strategy
query
all entries
refine the visible subset
code-quality
18.9K
nemoclaw-maintainer-security-code-review
Performs a comprehensive security review of code changes in a GitHub PR or issue. Checks out the branch, analyzes changed files against a 9-category security checklist, and produces PASS/WARNING/FAIL verdicts. Use when reviewing pull requests for security vulnerabilities, hardcoded secrets, injection flaws, auth bypasses, or insecure configurations. Trigger keywords - security review, code review, appsec, vulnerability assessment, security audit, review PR security.
NVIDIA
testing-security
security
18.9K
nemoclaw-user-configure-security
Presents a risk framework for every configurable security control in NemoClaw. Use when evaluating security posture, reviewing sandbox security defaults, or assessing control trade-offs. Explains where NemoClaw stores provider credentials, the file permissions it applies, and the operational security trade-offs of plaintext local storage. Use when reviewing credential handling or advising users how to secure stored API keys. Lists OpenClaw security controls that operate independently of NemoClaw, including prompt injection detection, tool access control, rate limiting, environment variable policy, audit framework, supply chain scanning, messaging access policy, context visibility, and safe regex. Use when reviewing the security boundary between NemoClaw and OpenClaw or assessing what NemoClaw does not cover.
NVIDIA
testing-security
testing
18.8K
playwright-e2e
Playwright E2E test generation workflow for Opik. Use when generating, fixing, or planning automated tests in tests_end_to_end/.
comet-ml
testing-security
code-quality
18.7K
remove-redundancy-import
检查 Java 类中未被引用的冗余 import 并移除。先输出待审阅计划,用户确认后执行。适用于用户要求清理冗余导包、优化 import、或执行 remove-redundancy-import 时使用。
dromara
testing-security
code-quality
18.4K
code-change-verification
Run the mandatory verification stack when changes affect runtime code, tests, or build/test behavior in the OpenAI Agents Python repository.
openai
testing-security
testing
18.4K
test-coverage-improver
Improve test coverage in the OpenAI Agents Python repository: run `make coverage`, inspect coverage artifacts, identify low-coverage files, propose high-impact tests, and confirm with the user before writing tests.
openai
testing-security
code-quality
18.2K
code-quality
General Correctness rules, Rust patterns, comments, avoiding over-engineering. When writing code always take these into account
tursodatabase
testing-security
code-quality
18.2K
security-differential-review
Perform security-focused differential code review on changesets, pull requests, and commits. Use when reviewing diffs for security implications, assessing whether code changes introduce vulnerabilities, or comparing before/after states of security-sensitive code.
elizaOS
testing-security
code-quality
18.2K
security-modern-python
Write and review secure modern Python code following current best practices. Use when auditing Python applications for security issues, implementing secure patterns with modern Python features (3.10+), reviewing Python web frameworks, or hardening Python deployments.
elizaOS
testing-security
code-quality
18.2K
spec-to-code-compliance
Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against whitepapers, finding gaps between specs and implementation, or performing compliance checks for protocol implementations.
elizaOS
testing-security
code-quality
18.2K
spec-to-code-compliance
Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against whitepapers, finding gaps between specs and implementation, or performing compliance checks for protocol implementations.
elizaOS
testing-security
code-quality
18.2K
fuzzing-obstacles
The agent patches the system under test (SUT) to overcome common fuzzing obstacles using conditional compilation. It bypasses checksum and hash verification, replaces non-deterministic PRNG seeding with fixed seeds, skips complex multi-stage validation, and provides safe default values to prevent false positives. The agent uses FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION in C/C++ and cfg!(fuzzing) in Rust to ensure patches apply only during fuzzing builds. It applies this technique when coverage reports reveal unreachable code behind checksums, cryptographic signatures, time-seeded random state, or expensive validation logic that blocks fuzzer exploration of deeper code paths in libFuzzer, AFL++, honggfuzz, cargo-fuzz, and LibAFL targets.
elizaOS
testing-security
security
18.2K
yara-authoring
Write and test YARA rules for malware detection and threat hunting. Use when creating YARA signatures, detecting malware families, scanning files or memory for indicators of compromise, or building detection rules for threat intelligence.
elizaOS
testing-security
testing
18.2K
security-property-based-testing
Apply property-based testing to find security vulnerabilities by generating adversarial inputs automatically. Use when writing property tests for security invariants, fuzz-testing parsers or validators, testing auth boundaries with generated inputs, or verifying cryptographic properties.
elizaOS
testing-security
testing
18.2K
testing-handbook-skills
Application security testing toolkit from the Trail of Bits Testing Handbook. Helps the agent set up fuzzing campaigns, write fuzz harnesses, run coverage-guided fuzzers (libFuzzer, AFL++, cargo-fuzz, Atheris, Ruzzy), and triage crashes. Covers memory-safety sanitizers (AddressSanitizer, UBSan, MSan), static analysis with Semgrep and CodeQL, cryptographic validation using Wycheproof test vectors, and constant-time verification. Use when testing C, C++, Rust, Python, or Ruby code for vulnerabilities, improving code coverage, building seed corpora, creating fuzzing dictionaries, overcoming fuzzing obstacles, or integrating security checks into CI/CD with OSS-Fuzz.
elizaOS
testing-security
testing
18.2K
wycheproof
Guides agents in using Wycheproof test vectors to validate cryptographic implementations against known attacks, edge cases, and vulnerability patterns. Covers integrating test vectors for AES-GCM, ECDSA, ECDH, EdDSA, RSA, and ChaCha20-Poly1305 into testing workflows. Helps when writing crypto tests, checking for signature malleability, invalid curve attacks, padding oracle issues, DER encoding bugs, or setting up CI for cryptographic libraries. Applies to verifying encryption, decryption, signing, and key exchange correctness using structured JSON test vector suites.
elizaOS
testing-security
testing
17.9K
vscode-visual-regression
Write Storybook stories and visual regression tests for the Kilo VS Code extension webview UI
Kilo-Org
testing-security