From role-aqa
Security test automation with OWASP ZAP (active/passive scanning), Burp Suite, SAST (SonarQube, CodeQL), DAST, dependency scanning (Snyk, Dependabot, npm audit), penetration test planning, vulnerability management, and threat modeling integration. Use when implementing security testing or evaluating application security posture.
`npx claudepluginhub rnavarych/alpha-engineer --plugin role-aqa`

This skill is limited to using the following tools:
You are a security testing specialist.
| Type | When | What It Finds |
|---|---|---|
| SAST | At build time | Code-level vulnerabilities, insecure patterns |
| DAST | Against running app | Runtime vulnerabilities, misconfigurations |
| SCA | At dependency install | Known CVEs in third-party libraries |
| Penetration Testing | Before release | Exploitable attack paths, business logic flaws |
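`zap-baseline.py` (passive) in PR pipelines, full scan nightly.

```bash
# Mount the working directory at /zap/wrk so report.html is written to the host;
# zap-baseline.py refuses file-based report options without this mount.
docker run -v "$(pwd):/zap/wrk/:rw" -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py \
  -t https://staging.example.com -r report.html
```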
`snyk test --severity-threshold=high` in CI. `snyk monitor` for production.

`npm audit --audit-level=high`. Fix with `npm audit fix`.

`trivy image myapp:latest --severity HIGH,CRITICAL --exit-code 1`.
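
The commands above each apply their own high/critical threshold. As an added example (not code from the role-aqa skill), the sketch below applies one threshold to the JSON output of `npm audit --json` and `trivy image --format json`, so a pipeline reports both scanners on the same severity scale. The function names and sample reports are constructed for illustration, and the sample reports are trimmed to the fields the gate reads.

```python
# Added example (not part of the role-aqa skill): one severity gate for two scanners.
import json

SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"]
# Trivy reports MEDIUM/UNKNOWN; npm reports moderate/info. Map onto one scale.
ALIASES = {"medium": "moderate", "unknown": "info"}

def rank(severity):
    """Position on the shared scale; an unrecognised label raises ValueError (fail closed)."""
    label = severity.lower()
    return SEVERITY_ORDER.index(ALIASES.get(label, label))

def npm_counts(report):
    """Counts from `npm audit --json`: metadata.vulnerabilities is a per-severity tally."""
    tally = report.get("metadata", {}).get("vulnerabilities", {})
    return {s: int(tally.get(s, 0)) for s in SEVERITY_ORDER}

def trivy_counts(report):
    """Counts from `trivy image --format json`: Results[].Vulnerabilities[].Severity."""
    counts = dict.fromkeys(SEVERITY_ORDER, 0)
    for result in report.get("Results") or []:
        # A clean target has no "Vulnerabilities" key, or has it set to null.
        for vuln in result.get("Vulnerabilities") or []:
            counts[SEVERITY_ORDER[rank(vuln.get("Severity", "UNKNOWN"))]] += 1
    return counts

def gate(counts, threshold="high"):
    """Return (blocking_findings, exit_code) for findings at or above the threshold."""
    blocking = sum(n for s, n in counts.items() if rank(s) >= rank(threshold))
    return blocking, (1 if blocking else 0)

# Constructed sample inputs, trimmed to the fields the gate reads.
NPM_SAMPLE = json.loads(
    '{"metadata": {"vulnerabilities": '
    '{"info": 0, "low": 2, "moderate": 1, "high": 1, "critical": 0, "total": 4}}}'
)
TRIVY_SAMPLE = {"Results": [
    {"Target": "myapp:latest (os packages)", "Vulnerabilities": [
        {"VulnerabilityID": "PLACEHOLDER-1", "Severity": "CRITICAL"},
        {"VulnerabilityID": "PLACEHOLDER-2", "Severity": "MEDIUM"},
    ]},
    {"Target": "package-lock.json", "Vulnerabilities": None},
    {"Target": "clean-layer"},
]}

if __name__ == "__main__":
    for name, counts in (("npm audit", npm_counts(NPM_SAMPLE)),
                         ("trivy", trivy_counts(TRIVY_SAMPLE))):
        blocking, code = gate(counts)
        print(f"{name}: {blocking} finding(s) at high or above, exit code {code}")
```

Findings Trivy labels UNKNOWN fall below the threshold here, which matches the `--severity HIGH,CRITICAL` filter in the command above.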