- Home
- Skills
- Shotaiuchi
- Dotclaude
- Test Security
test-security_skill
- Shell
0
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill shotaiuchi/dotclaude --skill test-security- SKILL.md2.1 KB
Overview
This skill helps you design and generate security test plans focused on authentication, authorization, input validation, injection prevention, CSRF protection, and data encryption. It produces prioritized, actionable test cases and a concise report format to guide implementation. Use it to ensure critical protections are covered and to communicate testing priorities to engineers and QA.
How this skill works
The skill inspects common security areas and converts them into concrete test scenarios with priority ratings (Must, Should, Could, Won't). It outlines checks for login flows, token management, role boundaries, injection vectors, data-at-rest and in-transit protections, and security headers. The output is a structured test plan that teams can execute or translate into automated test scripts.
When to use it
- Before a release that changes auth, session, or token handling
- When adding or modifying role-based access controls or permissions
- During security sprints or threat modeling to create test coverage
- When validating data protection after storage or transport changes
- While hardening APIs and web apps against injection and XSS
Best practices
- Prioritize 'Must' tests to block authentication bypass and data exposure first
- Validate authorization at the API layer, not solely in UI checks
- Use parameterized queries and input sanitization for all data touchpoints
- Include automated regression tests for token expiration, revocation, and MFA
- Mask or redact sensitive values in logs, exports, and error messages
Example use cases
- Create a test suite that verifies login success/failure, token refresh, and session invalidation with 'Must' priority
- Validate role enforcement by testing horizontal and vertical privilege escalation attempts ('Should')
- Run injection tests (SQL, XSS, command, path traversal) and mark defense-in-depth checks as 'Could'
- Confirm encryption at rest and in transit, CORS/CSP headers, and secure deletion workflows
- Produce a concise test report mapping each scenario to Must/Should/Could/Won't priorities for stakeholders
FAQ
Priorities map to risk and impact: Must for authentication/data exposure, Should for authorization boundaries, Could for secondary defenses, and Won't for theoretical physical or insider-only attacks.
Can these tests be automated?
Yes. Most scenarios translate to automated API or end-to-end tests; token/session flows, injection payloads, and header checks are commonly scripted.
What areas should be tested first?
Start with authentication, session/token handling, and any endpoints that expose sensitive data; these are high-impact 'Must' items.