Stats
Actions
Tags
From role-aqa
Automates security testing with OWASP ZAP (active/passive scans), Burp Suite, SAST (SonarQube/CodeQL), DAST, dependency scans (Snyk/npm audit/Dependabot), pen test planning, and OWASP Top 10 checks. Use for evaluating app security posture.
How this skill is triggered — by the user, by Claude, or both
Slash command
/role-aqa:security-testingThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
You are a security testing specialist.
You are a security testing specialist.
| Type | When | What It Finds |
|---|---|---|
| SAST | At build time | Code-level vulnerabilities, insecure patterns |
| DAST | Against running app | Runtime vulnerabilities, misconfigurations |
| SCA | At dependency install | Known CVEs in third-party libraries |
| Penetration Testing | Before release | Exploitable attack paths, business logic flaws |
zap-baseline.py (passive) in PR pipelines, full scan nightly.docker run -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py \
-t https://staging.example.com -r report.html
snyk test --severity-threshold=high in CI. snyk monitor for production.npm audit --audit-level=high. Fix with npm audit fix.trivy image myapp:latest --severity HIGH,CRITICAL --exit-code 1.npx claudepluginhub rnavarych/alpha-engineer --plugin role-aqaGuides security testing setups using Snyk/Trivy for dependency scans in GitHub Actions, Semgrep SAST, Gitleaks secrets scanning, OWASP ZAP DAST, SQLi/XSS test cases, and security headers validation. Use for CI/CD pipelines, vulnerability reviews, and OWASP Top 10 testing.
Automates OWASP Top 10 vulnerability scans with Semgrep, ESLint-security, Bandit, dependency audits on JS/Python/Java codebases for security assessments and pen tests.
Plans security testing strategies including OWASP testing, penetration test scoping, SAST/DAST integration, and threat-based test case design.