claude-code-plugins-plus-skills
github.com/jeremylongshore/claude-code-plugins-plus-skills
Skill | Added | Review |
|---|---|---|
running-mutation-tests This skill enables Claude to validate test suite quality by performing mutation testing. It is triggered when the user asks to run mutation tests, analyze test effectiveness, or improve test coverage. The skill introduces code mutations, runs tests against the mutated code, and reports on the "survival rate" of the mutations, indicating the effectiveness of the test suite. Use this skill when the user requests to assess the quality of their tests using mutation testing techniques. Specific trigger terms include "mutation testing", "test effectiveness", "mutation score", and "surviving mutants". | 87 1.00x No change in agent success vs baseline Impact 91% 1.00xAverage score across 9 eval scenarios Securityby  Passed No known issues Reviewed: Version: 18c44a8 | |
automating-mobile-app-testing This skill enables automated testing of mobile applications on iOS and Android platforms using frameworks like Appium, Detox, XCUITest, and Espresso. It generates end-to-end tests, sets up page object models, and handles platform-specific elements. Use this skill when the user requests mobile app testing, test automation for iOS or Android, or needs assistance with setting up device farms and simulators. The skill is triggered by terms like "mobile testing", "appium", "detox", "xcuitest", "espresso", "android test", "ios test". | 65 1.00x No change in agent success vs baseline Impact 96% 1.00xAverage score across 3 eval scenarios Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
testing-load-balancers This skill enables Claude to test load balancing strategies. It validates traffic distribution across backend servers, tests failover scenarios when servers become unavailable, verifies sticky sessions, and assesses health check functionality. Use this skill when the user asks to "test load balancer", "validate traffic distribution", "test failover", "verify sticky sessions", or "test health checks". It is specifically designed for testing load balancing configurations using the `load-balancer-tester` plugin. | 68 1.25x Agent success vs baseline Impact 75% 1.25xAverage score across 6 eval scenarios Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
running-integration-tests This skill enables Claude to run and manage integration test suites. It automates environment setup, database seeding, service orchestration, and cleanup. Use this skill when the user asks to "run integration tests", "execute integration tests", or any command that implies running integration tests for a project, including specifying particular test suites or options like code coverage. It is triggered by phrases such as "/run-integration", "/rit", or requests mentioning "integration tests". The plugin handles database creation, migrations, seeding, and dependent service management. | 65 1.08x Agent success vs baseline Impact 73% 1.08xAverage score across 6 eval scenarios Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
generating-end-to-end-tests This skill enables Claude to generate end-to-end (E2E) tests for web applications. It leverages Playwright, Cypress, or Selenium to automate browser interactions and validate user workflows. Use this skill when the user requests to "create E2E tests", "generate end-to-end tests", or asks for help with "browser-based testing". The skill is particularly useful for testing user registration, login flows, shopping cart functionality, and other multi-step processes within a web application. It supports cross-browser testing and can be used to verify the responsiveness of web applications on different devices. | 89 1.00x No change in agent success vs baseline Impact 97% 1.00xAverage score across 9 eval scenarios Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
managing-database-testing This skill manages database testing by generating test data, wrapping tests in transactions, and validating database schemas. It is used to create robust and reliable database interactions. Claude uses this skill when the user requests database testing utilities, including test data generation, transaction management, schema validation, or migration testing. Trigger this skill by mentioning "database testing," "test data factories," "transaction rollback," "schema validation," or using the `/db-test` or `/dbt` commands. | 79 1.11x Agent success vs baseline Impact 97% 1.11xAverage score across 6 eval scenarios Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
validating-api-contracts This skill validates API contracts using consumer-driven testing and OpenAPI validation. It leverages Pact for consumer-driven contract testing, ensuring that API providers adhere to the expectations of their consumers. It also validates APIs against OpenAPI specifications to guarantee compliance and identify breaking changes. Use this skill when the user asks to generate contract tests, validate API responses, check backward compatibility, or validate requests/responses using the terms "contract-test", "ct", "Pact", "OpenAPI validation", or "consumer-driven contract testing". | 68 1.05x Agent success vs baseline Impact 97% 1.05xAverage score across 3 eval scenarios Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
conducting-chaos-engineering This skill enables Claude to design and execute chaos engineering experiments to test system resilience. It is used when the user requests help with failure injection, latency simulation, resource exhaustion testing, or resilience validation. The skill is triggered by discussions of chaos experiments (GameDays), failure injection strategies, resilience testing, and validation of recovery mechanisms like circuit breakers and retry logic. It leverages tools like Chaos Mesh, Gremlin, Toxiproxy, and AWS FIS to simulate real-world failures and assess system behavior. | 61 Impact Pending No eval scenarios have been run Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
conducting-browser-compatibility-tests This skill enables cross-browser compatibility testing for web applications using BrowserStack, Selenium Grid, or Playwright. It tests across Chrome, Firefox, Safari, and Edge, identifying browser-specific bugs and ensuring consistent functionality. It is used when a user requests to "test browser compatibility", "run cross-browser tests", or uses the `/browser-test` or `/bt` command to assess web application behavior across different browsers and devices. The skill generates a report detailing compatibility issues and screenshots for visual verification. Activates when you request "conducting browser compatibility tests" functionality. | 61 Impact Pending No eval scenarios have been run Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
automating-api-testing This skill automates API endpoint testing, including request generation, validation, and comprehensive test coverage for REST and GraphQL APIs. It is used when the user requests API testing, contract testing, or validation against OpenAPI specifications. The skill analyzes API endpoints and generates test suites covering CRUD operations, authentication flows, and security aspects. It also validates response status codes, headers, and body structure. Use this skill when the user mentions "API testing", "REST API tests", "GraphQL API tests", "contract tests", or "OpenAPI validation". | 61 Impact Pending No eval scenarios have been run Securityby Risky Do not use without reviewing Reviewed: Version: 18c44a8 | |
fuzzing-apis This skill enables Claude to perform automated fuzz testing on APIs to discover vulnerabilities, crashes, and unexpected behavior. It leverages malformed inputs, boundary values, and random payloads to generate comprehensive fuzz test suites. Use this skill when you need to identify potential SQL injection, XSS, command injection vulnerabilities, input validation failures, and edge cases in APIs. Trigger this skill by requesting fuzz testing, vulnerability scanning, or security analysis of an API. The skill is invoked using the `/fuzz-api` command. | 61 Impact Pending No eval scenarios have been run Securityby Advisory Suggest reviewing before use Reviewed: Version: 18c44a8 | |
scanning-for-accessibility-issues This skill enables Claude to perform comprehensive accessibility audits. It uses the accessibility-test-scanner plugin to identify WCAG 2.1/2.2 compliance issues, validate ARIA attributes, check keyboard navigation, and assess screen reader compatibility. Use this skill when the user requests an accessibility scan, audit, or compliance check, or when terms like "WCAG", "ARIA", "screen reader", "accessibility testing", or "a11y" are mentioned. It provides actionable insights for improving web application accessibility. | 66 Impact Pending No eval scenarios have been run Securityby Advisory Suggest reviewing before use Reviewed: Version: 18c44a8 | |
scanning-for-xss-vulnerabilities This skill enables Claude to automatically scan for XSS (Cross-Site Scripting) vulnerabilities in code. It is triggered when the user requests to "scan for XSS vulnerabilities", "check for XSS", or uses the command "/xss". The skill identifies reflected, stored, and DOM-based XSS vulnerabilities. It analyzes HTML, JavaScript, CSS, and URL contexts to detect potential exploits and suggests safe proof-of-concept payloads. This skill is best used during code review, security audits, and before deploying web applications to production. | 78 0.98x Agent success vs baseline Impact 96% 0.98xAverage score across 6 eval scenarios Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
scanning-for-vulnerabilities This skill enables comprehensive vulnerability scanning using the vulnerability-scanner plugin. It identifies security vulnerabilities in code, dependencies, and configurations, including CVE detection. Use this skill when the user asks to scan for vulnerabilities, security issues, or CVEs in their project. Trigger phrases include "scan for vulnerabilities", "find security issues", "check for CVEs", "/scan", or "/vuln". The plugin performs static analysis, dependency checking, and configuration analysis to provide a detailed vulnerability report. | 81 1.03x Agent success vs baseline Impact 96% 1.03xAverage score across 6 eval scenarios Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
managing-ssltls-certificates This skill enables Claude to manage and monitor SSL/TLS certificates using the ssl-certificate-manager plugin. It is activated when the user requests actions related to SSL certificates, such as checking certificate expiry, renewing certificates, or listing installed certificates. Use this skill when the user mentions "SSL certificate", "TLS certificate", "certificate expiry", "renew certificate", or similar phrases related to SSL/TLS certificate management. The plugin can list, check, and renew certificates, providing vital information for maintaining secure connections. | 67 1.08x Agent success vs baseline Impact 93% 1.08xAverage score across 3 eval scenarios Securityby Advisory Suggest reviewing before use Reviewed: Version: 18c44a8 | |
detecting-sql-injection-vulnerabilities This skill enables Claude to detect SQL injection vulnerabilities in code. It uses the sql-injection-detector plugin to analyze codebases, identify potential SQL injection flaws, and provide remediation guidance. Use this skill when the user asks to find SQL injection vulnerabilities, scan for SQL injection, or check code for SQL injection risks. The skill is triggered by phrases like "detect SQL injection", "scan for SQLi", or "check for SQL injection vulnerabilities". | 74 1.13x Agent success vs baseline Impact 90% 1.13xAverage score across 6 eval scenarios Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
assisting-with-soc2-audit-preparation This skill assists with SOC2 audit preparation by automating tasks related to evidence gathering and documentation. It leverages the soc2-audit-helper plugin to generate reports, identify potential compliance gaps, and suggest remediation steps. Use this skill when the user requests help with "SOC2 audit", "compliance check", "security controls", "audit preparation", or "evidence gathering" related to SOC2. It streamlines the initial stages of SOC2 compliance, focusing on automated data collection and preliminary analysis. | 78 1.01x Agent success vs baseline Impact 95% 1.01xAverage score across 6 eval scenarios Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
checking-session-security This skill enables Claude to check session security implementations within a codebase. It analyzes session management practices to identify potential vulnerabilities. Use this skill when a user requests to "check session security", "audit session handling", "review session implementation", or asks about "session security best practices" in their code. It helps identify issues like insecure session IDs, lack of proper session expiration, or insufficient protection against session fixation attacks. This skill leverages the session-security-checker plugin. Activates when you request "checking session security" functionality. | 80 1.00x No change in agent success vs baseline Impact 95% 1.00xAverage score across 6 eval scenarios Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
finding-security-misconfigurations This skill enables Claude to identify potential security misconfigurations in various systems and configurations. It leverages the security-misconfiguration-finder plugin to analyze infrastructure-as-code, application configurations, and system settings, pinpointing common vulnerabilities and compliance issues. Use this skill when the user asks to "find security misconfigurations", "check for security vulnerabilities in my configuration", "audit security settings", or requests a security assessment of a specific system or file. This skill will assist in identifying and remediating potential security weaknesses. | 79 1.01x Agent success vs baseline Impact 100% 1.01xAverage score across 6 eval scenarios Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
responding-to-security-incidents Assists with security incident response, investigation, and remediation. This skill is triggered when the user requests help with incident response, mentions specific incident types (e.g., data breach, ransomware, DDoS), or uses terms like "incident response plan", "containment", "eradication", or "post-incident activity". It guides the user through the incident response lifecycle, from preparation to post-incident analysis. It is useful for classifying incidents, creating response playbooks, collecting evidence, constructing timelines, and generating remediation steps. Use this skill when needing to respond to a "security incident". | 74 0.97x Agent success vs baseline Impact 96% 0.97xAverage score across 6 eval scenarios Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
analyzing-security-headers This skill analyzes HTTP security headers of a given domain to identify potential vulnerabilities and misconfigurations. It provides a detailed report with a grade, score, and recommendations for improvement. Use this skill when the user asks to "analyze security headers", "check HTTP security", "scan for security vulnerabilities", or requests a "security audit" of a website. It will automatically activate when security-related keywords are used in conjunction with domain names or URLs. | 79 1.22x Agent success vs baseline Impact 93% 1.22xAverage score across 6 eval scenarios Securityby Advisory Suggest reviewing before use Reviewed: Version: 18c44a8 | |
generating-security-audit-reports This skill enables Claude to generate comprehensive security audit reports. It is designed to provide insights into an application or system's security posture, compliance status, and recommended remediation steps. Use this skill when the user requests a "security audit report", wants to "audit security", or needs a "vulnerability assessment report". The skill analyzes security data and produces a detailed report in various formats. It is best used to identify vulnerabilities, track compliance, and create remediation roadmaps. The skill can be activated via the command `/audit-report` or its shortcut `/auditreport`. | 78 1.04x Agent success vs baseline Impact 100% 1.04xAverage score across 6 eval scenarios Securityby Passed No known issues Reviewed: Version: 18c44a8 | |
scanning-for-secrets This skill helps you scan your codebase for exposed secrets and credentials. It uses pattern matching and entropy analysis to identify potential security vulnerabilities such as API keys, passwords, and private keys. Use this skill when you want to proactively identify and remediate exposed secrets before they are committed to version control or deployed to production. It is triggered by phrases like "scan for secrets", "check for exposed credentials", "find API keys", or "run secret scanner". | 82 1.24x Agent success vs baseline Impact 93% 1.24xAverage score across 6 eval scenarios Securityby Risky Do not use without reviewing Reviewed: Version: 18c44a8 | |
performing-penetration-testing This skill enables automated penetration testing of web applications. It uses the penetration-tester plugin to identify vulnerabilities, including OWASP Top 10 threats, and suggests exploitation techniques. Use this skill when the user requests a "penetration test", "pentest", "vulnerability assessment", or asks to "exploit" a web application. It provides comprehensive reporting on identified security flaws. | 70 1.02x Agent success vs baseline Impact 92% 1.02xAverage score across 6 eval scenarios Securityby Advisory Suggest reviewing before use Reviewed: Version: 18c44a8 | |
validating-pci-dss-compliance This skill uses the pci-dss-validator plugin to assess codebases and infrastructure configurations for compliance with the Payment Card Industry Data Security Standard (PCI DSS). It identifies potential vulnerabilities and deviations from PCI DSS requirements. Use this skill when the user requests to "validate PCI compliance", "check PCI DSS", "assess PCI security", or "review PCI standards" for a given project or configuration. It helps ensure that systems handling cardholder data meet the necessary security controls. | 84 1.12x Agent success vs baseline Impact 92% 1.12xAverage score across 9 eval scenarios Securityby Passed No known issues Reviewed: Version: 18c44a8 |