aeondave/test-driven-development
coding/test-driven-development/SKILL.md
Use when implementing persistent code, bug fixes, refactors, scripts, exploit tooling, harnesses, or skill utilities before writing implementation code. Applies when tests, reproducers, assertions, or verification can be written first; treat disposable spikes separately and convert them to tested code before claiming reliability.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill test-driven-developmentInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 5, 2026, 4:14 AM298.5s2 files scanned
SKILL.md
- name:
- test-driven-development
- description:
- Use when implementing persistent code, bug fixes, refactors, scripts, exploit tooling, harnesses, or skill utilities before writing implementation code. Applies when tests, reproducers, assertions, or verification can be written first; treat disposable spikes separately and convert them to tested code before claiming reliability.
- license:
- MIT
- compatibility:
- Language-agnostic TDD workflow. Pair with language-specific testing skills for commands and framework details.
- author:
- AeonDave
- version:
- 1.0
Test-Driven Development
Write the proof first. If the proof never failed, it may not prove anything.
Activation
Use this for code that is meant to remain: features, bug fixes, refactors, test harnesses, scripts, offensive tooling, parsers, and skill utilities.
Disposable exploration is allowed only as a spike. Do not ship, commit, or claim reliability from spike code until behavior is captured by a test, reproducer, or explicit verification gate.
RED-GREEN-REFACTOR
- RED: write one minimal test or reproducer for desired behavior or the bug.
- Verify RED: run it and confirm it fails for the expected reason.
- GREEN: implement the smallest code that makes it pass.
- Verify GREEN: run the focused check and relevant broader checks.
- REFACTOR: clean structure while checks stay green.
- Repeat: one behavior at a time.
Good tests
- Test behavior, primitive, or contract rather than mock call trivia.
- Use clear names that describe expected behavior.
- Keep setup small enough that failure attribution is obvious.
- Cover error paths, trust boundaries, and edge inputs when they define the contract.
Bug fixes
Before changing production code, create the smallest reproducer for the failure. For exploit or fuzzing work, preserve the crash input, seed, transcript, or packet sample and prove the fix against it.
Stop signals
- Test passes before implementation: the test is wrong or behavior already exists.
- Test errors for setup reasons: fix the test until it fails for the intended reason.
- Test requires massive setup: the design may be too coupled; simplify the seam.
- You wrote code first: restart from a failing test or mark the earlier code as disposable spike material.
Resources
Load on demand:
references/tdd-rationalizations.md— common shortcuts, legitimate exceptions, and offensive-development adaptations.
Related Skills
aeondave/offensive-linux-role
data-ai
VerifiedTrustedCommunity
Scoped routing: Linux operator; hosts, sessions, users, services, packages, logs, containers, SSH, network paths, privilege evidence.
4SKILL.mdUpdated Jun 5, 2026
aeondave/ics-technique
development
VerifiedTrustedCommunity
Offensive methodology for ICS/OT/SCADA environments in authorized industrial penetration testing and red team operations. Use when assessing PLCs, RTUs, HMIs, engineering workstations, historians, or field devices running Modbus, DNP3, EtherNet/IP, S7comm/S7+, Profinet, IEC 60870-5-104, BACnet, or OPC-UA. Covers passive OT network enumeration, protocol-level device interrogation, PLC coil/register read-write attacks, HMI session exploitation, historian and engineering workstation compromise, and safe escalation rules for critical infrastructure scope. Does not cover: general IT network exploitation (network-technique), physical hardware interfaces UART/JTAG/SPI (hardware-technique), wireless sensor network attacks (wireless-technique), RF/SDR signal analysis (hardware-ctf or wireless-technique), or CTF-framed ICS lab tasks (ics-ctf).
4SKILL.mdUpdated Jun 2, 2026
aeondave/game-technique
tools
VerifiedTrustedCommunity
Offensive methodology for authorized game security assessments, game client security research, and game-adjacent penetration testing in real-world engagements. Use when assessing game clients for cheating vulnerabilities, testing anti-cheat effectiveness, auditing game server protocols for score manipulation or economic fraud, reverse engineering game DRM or license validation, analyzing game save file protection, or assessing game mod/plugin security. Covers: process memory scanning and manipulation (Cheat Engine methodology), game binary reversing for license and DRM bypass, game network protocol analysis and packet replay, anti-cheat mechanism analysis, save file format reversing and tampering, speed hack and value injection techniques. Does NOT cover: CTF game challenges (game-ctf), game engine source code auditing (web-exploit-technique or vuln-search-technique for the backend), or general binary exploitation (pwn-ctf or reversing-technique).
4SKILL.mdUpdated Jun 2, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 2, 2026