Create and execute comprehensive tests including unit tests, integration tests, CLI tests, web/mobile UI tests, API tests, and log analysis. Find bugs, verify requirements, identify improvements, and create change/bug/improve backlogs. Use when testing implementations or ensuring quality.
Write focused tests for core user flows and critical business logic, testing behavior rather than implementation, with clear names and fast execution. Use this skill when writing unit tests, integration tests, or end-to-end tests. When testing critical user workflows and primary application features. When creating tests that focus on what code does rather than how it does it. When mocking external dependencies like databases, APIs, or file systems. When naming tests to clearly describe the scenario and expected outcome. When keeping tests fast and independent. When completing feature implementation and adding strategic tests at logical completion points. When working with test files or test frameworks.
Ensures tenant isolation at query and policy level using Row Level Security, automated testing, and security audits. Prevents data leakage between tenants. Use for "multi-tenancy", "tenant isolation", "RLS", or "data security".
Use this skill when integrating Cloudflare Zero Trust Access authentication with Cloudflare Workers applications. Provides Hono middleware setup, manual JWT validation patterns, service token authentication, CORS handling with Access, and multi-tenant configurations. Prevents 8 common errors including CORS preflight blocking (45 min saved), key cache race conditions (20 min), missing JWT headers (30 min), and dev/prod team mismatches (15 min). Saves ~58% tokens (3,250 tokens) and 2.5 hours per implementation. Covers user authentication flows, service-to-service auth, geographic restrictions, role-based access control, and Access policy configuration. Keywords: Cloudflare Access, Zero Trust, Cloudflare Zero Trust Access, Access authentication, JWT validation, access jwt, service tokens, hono cloudflare access, hono-cloudflare-access middleware, workers authentication, protect worker routes, admin authentication, access policy, identity providers, azure ad access, google workspace access, okta access, github a
Test authenticated routes in the your project using cookie-based authentication. Use this skill when testing API endpoints, validating route functionality, or debugging authentication issues. Includes patterns for using test-auth-route.js and mock authentication.
Implements secure authentication patterns including login/registration, session management, JWT tokens, password hashing, cookie settings, and CSRF protection. Provides auth routes, middleware, security configurations, and threat model documentation. Use when building "authentication", "login system", "JWT auth", or "session management".
QA Automation Engineer skill. Use this to write or refactor unit tests. Ensures tests follow the project's xUnit, FluentAssertions, and Moq standards.
Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.
Validates environment variables in CI, prevents secret leaks, enforces masking, and provides fail-fast validation with clear documentation. Use for "secrets management", "env var validation", "credential security", or "secret masking".
Comprehensive quality assurance combining testing strategy, code quality enforcement, and validation gates. Consolidated from testing-strategist, code-quality-enforcer, and validation-gate-checker.
Test strategy and execution. Create test plans, run test suites, or fix failing tests. Use when asked to "run tests", "create test strategy", "fix failing tests", "check coverage", or when you need to verify code works. Supports vitest, playwright, jest, and cypress.
Maintain consistent code formatting, naming conventions, and structure across the entire codebase with automated tools and clear standards. Use this skill when writing any code in any language or framework. When naming variables, functions, classes, or files. When formatting code with proper indentation and line breaks. When refactoring code to remove duplication or extract reusable functions. When running linters or formatters to ensure consistency. When removing dead code, unused imports, or commented-out blocks. When applying DRY principles to avoid code duplication. This skill applies universally to all programming tasks.
Load your coding preferences and project conventions. Use when the user says "use Superwiser", "load preferences", "load my rules", "check coding conventions", or when starting significant work on a feature.
Use when writing or modifying any code. Enforces naming conventions, function design, and code clarity principles.
編輯程式碼時的安全檢查技能。當使用者編輯檔案、修改程式碼、或進行 code review 時自動啟用。監控命令注入、XSS、eval 使用、敏感資料外洩、不安全的 postMessage 等安全風險。靈感來源於 Anthropic 官方 security-guidance plugin。Security checking skill that monitors for potential security issues when editing code, including command injection, XSS, eval usage, credential exposure, and unsafe postMessage patterns. Inspired by Anthropic's official security-guidance plugin.
Use when creating or modifying Firebase Cloud Functions in /functions directory. Enforces function structure and error handling patterns.
To format Dart code consistently, run `dart format .` on the given roots to apply standard formatting.
Validate, format, and work with JSON configuration files
Validate Jupyter notebooks (.ipynb files) for production readiness. Checks smart links consistency, layout structure, transition cells with action cards, numbered part flow, cell ordering, and overall quality. Use when validating notebooks, checking notebook structure, testing smart links, verifying action cards, or preparing notebooks for production deployment. Keywords include ipynb validation, notebook structure, smart links, action cards, transitions, part flow, production ready.
Detect squatters: modules and packages that occupy namespace positions they do not semantically own. Identifies utility dumps, stuttery siblings, axis violations, layer bleeding, and semantic diffusion — common structural smells introduced by agentic programming.
Audit identifiers and namespaces for lexical-semantic and ontological correctness. Detect semantic role misalignment (agent/tool/process/artifact), derivational misuse (e.g., -er agent nouns), and category errors between modules, packages, classes, functions, and data artifacts. Output a single Markdown report with actionable fixes.
Use when reviewing code for production readiness. Identifies critical issues causing production failures: data loss, security breaches, race conditions, performance degradation. Focuses on measurable impact, not style preferences. Triggers: reviewing code changes, verifying code safety/correctness, pre-commit reviews, after implementing significant changes.
Use when creating or editing commands, orchestrator prompts, or workflow documentation before deployment - applies RED-GREEN-REFACTOR to test instruction clarity by finding real execution failures, creating test scenarios, and verifying fixes with subagents
