A comprehensive collection of skills and tools for performance analysis, security testing, development workflows, and enterprise optimization.
This repository provides ready-to-use Claude Code skills for:
- Performance Analysis: Python/Java profiling, memory analysis, database optimization
- Security Testing: SAST/DAST scanning, dependency checking, penetration testing
- Development Workflow: TDD, code review, refactoring, Git workflows
- Enterprise Integration: AWS cost analysis, JIRA integration, monitoring tools
git clone https://github.com/your-username/claude-code-skills-tools.git
cd claude-code-skills-toolsSkills are located in .claude/skills/ and automatically detected by Claude Code.
# List all skills
ls .claude/skills/
# Validate skills
python .claude/skills/skill-validator/skill-validator.py .claude/skillsclaude-code-skills-tools/
├── .claude/skills/ # Claude Code skills (17 total)
│ ├── python-profiler/
│ ├── java-profiler/
│ ├── memory-analyzer/
│ ├── database-optimizer/
│ ├── sast-analyzer/
│ ├── dast-scanner/
│ ├── dependency-checker/
│ ├── penetration-tester/
│ ├── tdd-workflow/
│ ├── code-reviewer/
│ ├── refactoring-assistant/
│ ├── git-workflow/
│ ├── aws-cost-analyzer/
│ ├── jira-integration/
│ ├── skill-validator/ # Utility skill
│ ├── performance-monitor/ # Utility skill
│ └── security-scanner/ # Utility skill
│
└── README.md # This file
Purpose: CPU, memory, and performance profiling for Python applications
Use When: Python app is slow or uses excessive memory
Quick Example:
# CPU profiling
python -m cProfile -o output.prof your_script.py
# Visualize with Pyinstrument
pyinstrument --html your_script.pyPurpose: JVM profiling for Java/Spring Boot applications
Use When: Optimizing microservices, finding memory leaks, analyzing GC
Quick Example:
# Built-in VisualVM
jvisualvm
# Java Flight Recorder
java -XX:StartFlightRecording=duration=60s,filename=recording.jfr MyAppPurpose: Cross-platform memory leak detection and heap analysis
Use When: Memory grows continuously or OutOfMemory errors occur
Quick Example:
import tracemalloc
tracemalloc.start()
# ... your code ...
current, peak = tracemalloc.get_traced_memory()
print(f"Peak: {peak / 1024 / 1024:.2f}MB")Purpose: N+1 query detection, ORM optimization, query analysis
Use When: Database queries are slow or generating too many queries
Quick Example:
// ✅ Use JOIN FETCH for eager loading
@Query("SELECT u FROM User u LEFT JOIN FETCH u.orders")
List<User> findAllWithOrders();Purpose: Static security analysis with Semgrep, finds SQL injection, XSS, OWASP Top 10
Use When: Before every deploy, in CI/CD pipeline
Quick Example:
# Scan with Semgrep
semgrep --config=auto --sarif > results.sarif .Purpose: Dynamic security testing on running applications
Use When: Testing staging environment after deployment
Quick Example:
# StackHawk scan
hawk scan stackhawk.yml
# OWASP ZAP
zap-cli quick-scan http://localhost:3000Purpose: SCA (Software Composition Analysis) for vulnerable dependencies
Use When: Weekly, before production, in CI/CD
Quick Example:
# npm
npm audit
# Python
pip-audit -r requirements.txt
# Multi-language
snyk testPurpose: Authorized penetration testing workflows
Use When: Security audits, CTF challenges, authorized testing only
Quick Example:
# Web fuzzing
ffuf -w wordlist.txt -u http://target.com/FUZZ
# Port scanning
nmap -p- -T4 target.comPurpose: Test-Driven Development with red-green-refactor pattern
Use When: Developing new features, ensuring code quality
Quick Example:
# Python pytest watch
pytest-watch
# JavaScript Jest watch
jest --watchPurpose: Systematic code review checklist (architecture, security, performance)
Use When: Before every merge, pull request reviews
Quick Example:
# Review checklist
python .claude/skills/code-reviewer/review_checklist.pyPurpose: Identify code smells, suggest refactoring patterns
Use When: Legacy code cleanup, technical debt reduction
Quick Example:
# Detect code smells
python .claude/skills/refactoring-assistant/refactor_detector.py ./srcPurpose: Git best practices, branching strategies, semantic commits
Use When: Every project with version control
Quick Example:
# Create feature branch
git checkout -b feature/user-authentication
# Semantic commit
git commit -m "feat(auth): add JWT authentication"Purpose: AWS cost analysis and optimization
Use When: Monthly cost reviews, identifying unused resources
Quick Example:
# Cost report
python .claude/skills/aws-cost-analyzer/aws_cost_report.py
# Find unused resources
python .claude/skills/aws-cost-analyzer/find_unused_resources.pyPurpose: JIRA automation for ticket management and Git commit linking
Use When: Issue tracking, automated reporting, PR linking
Quick Example:
# Create ticket
python .claude/skills/jira-integration/jira_cli.py create PROJ Bug
# List issues
python .claude/skills/jira-integration/jira_cli.py list PROJPurpose: Validate SKILL.md files for correct format and structure
Quick Example:
python .claude/skills/skill-validator/skill-validator.py .claude/skillsPurpose: Track execution metrics and performance of skills
Quick Example:
python .claude/skills/performance-monitor/performance-monitor.py reportPurpose: Automated security scanning for secrets, vulnerabilities, unsafe patterns
Quick Example:
./.claude/skills/security-scanner/security-scanner.sh .# Python 3.8+
python3 --version
# pip
pip3 --version
# Git
git --version# Performance profiling
pip install cProfile pyinstrument memory-profiler py-spy psutil
# Security scanning
pip install bandit semgrep pip-audit safety
# Code quality
pip install pylint radon
# JIRA integration
pip install jira
# AWS tools
pip install boto3 awsclimacOS:
brew install jq git-extras shellcheckLinux (Ubuntu/Debian):
sudo apt-get update
sudo apt-get install jq shellcheck# Step 1: Profile with VisualVM
jvisualvm # Attach to running app
# Step 2: Detect N+1 queries
# Use database-optimizer skill
# Step 3: Analyze query logs
# Use database-optimizer skill
# Step 4: Apply fixes and re-test# Step 1: SAST scan
semgrep --config=auto --json > sast-results.json .
# Step 2: Dependency check
npm audit
pip-audit -r requirements.txt
# Step 3: Repository security scan
./.claude/skills/security-scanner/security-scanner.sh .
# Step 4: Review and fix issues# Step 1: Validate skills
python .claude/skills/skill-validator/skill-validator.py .claude/skills
# Step 2: Run code review checklist
# Use code-reviewer skill
# Step 3: Check complexity
# Use code-reviewer skill
# Step 4: Approve or request changes# Step 1: Monthly cost report
python .claude/skills/aws-cost-analyzer/aws_cost_report.py
# Step 2: Find unused resources
python .claude/skills/aws-cost-analyzer/find_unused_resources.py
# Step 3: Right-sizing recommendations
./.claude/skills/aws-cost-analyzer/rightsize_recommendations.sh
# Step 4: Implement optimizations- Profile First: Don't optimize without data
- Focus on Bottlenecks: Only optimize real bottlenecks
- Measure Impact: Validate optimizations work
- Zero N+1 Tolerance: Always eliminate N+1 queries
- Shift Left: Security testing early in development
- Automated Scanning: CI/CD integration for SAST/DAST
- Dependency Updates: Weekly dependency scanning
- Zero Secrets: Never hardcode credentials
- TDD: Test first, then implementation
- Small Commits: Atomic and frequent commits
- Code Review: Always review before merge
- Refactor Continuously: Pay technical debt regularly
- Tag Everything: AWS resource tagging for cost allocation
- Monitor Continuously: Metrics and alerting always-on
- Document Decisions: Architectural Decision Records (ADR)
- Automate Workflows: Scripts for repetitive tasks
- Create directory:
.claude/skills/<skill-name>/ - Create
SKILL.mdwith template:
---
name: skill-name
description: Brief description (max 1024 chars)
---
# Skill Name
## Overview
...
## Capabilities
...
## Usage
...- Validate syntax:
python .claude/skills/skill-validator/skill-validator.py .claude/skills- Test the skill manually
- Create pull request
Open an issue on GitHub with:
- Problem description
- Steps to reproduce
- Expected vs actual behavior
- Environment (OS, Python version, etc.)
- Add CI/CD pipeline for automated testing
- Integrate with Claude Code MCP
- Add Docker containerization for tools
- Create skill templates generator
- Add machine learning profiling skills
- Kubernetes cost optimization skill
- Web dashboard for metrics visualization
- Advanced multi-language support
MIT License - see LICENSE file for details
Developed for enterprise software development with focus on:
- Performance optimization
- Security best practices
- Development workflow automation
- Cloud cost management
For questions or support:
- GitHub Issues: github.com/your-username/claude-code-skills-tools/issues
- Documentation: Check individual SKILL.md files in
.claude/skills/
Note: This repository is a living document. Skills and tools are regularly updated based on feedback and emerging best practices.