QA & Testing Engine
v1.0.0Provides a comprehensive testing methodology for AI software, covering strategy design, unit, integration, and end-to-end tests with coverage and reporting g...
⭐ 2· 1.9k·14 current·14 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name and description match the provided SKILL.md and README: the content is a comprehensive testing methodology (strategy, unit/integration/E2E, performance, security, accessibility, CI). There are no unexpected environment variables, binaries, or install steps requested that would be unrelated to testing.
Instruction Scope
Most of the SKILL.md content is focused on test design and test cases and is within scope. It explicitly includes security testing (OWASP, 'injection payloads', etc.) which is appropriate for a QA skill but means the agent could generate attack payloads or recommend running intrusive tests — ensure you have authorization and explicit test targets before executing such guidance. Some sections were truncated in the provided excerpt; if the omitted parts include commands to read local files, read env vars, or call external endpoints, that would warrant re-evaluation.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing will be written to disk or installed by the platform when added, minimizing install-time risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate for a documentation/instruction skill. Note: to run actual tests the agent guides you to create, you will likely need to supply your own credentials/endpoints — the skill itself does not request them.
Persistence & Privilege
Defaults are used (not always:true). The skill is user-invocable and can be invoked autonomously per platform defaults; that is normal. The skill does not request persistent system privileges or modify other skills' configurations.
Assessment
This skill appears to be a coherent, instruction-only QA/testing guide. Before installing or acting on its recommendations:
- Do not run security/penetration tests or generated 'injection payloads' against systems you do not own or have explicit authorization to test.
- Be aware the skill may instruct you to provide secrets (API keys, DB creds) when you actually execute tests; only supply those to trusted environments and never paste them into public chat.
- The README links to external paid 'Context Packs' — those are outside the platform and may require payment or external accounts; verify the vendor independently.
- Because portions of the SKILL.md were truncated in the provided excerpt, if you plan to let the agent run tests autonomously, review the entire SKILL.md for any instructions that perform network calls, read local files, or prompt for credentials. If such instructions exist, reconsider enabling autonomous execution and prefer manual, reviewed runs.
If you want higher assurance, provide the full SKILL.md (no truncation) for a line-by-line check; that could raise confidence to high if no out-of-scope commands or data-exfiltration guidance are found.Like a lobster shell, security has layers — review code before you run it.
automationvk97bsw3mpak6v7pb7g25kbnvz981b5r1latestvk97bsw3mpak6v7pb7g25kbnvz981b5r1performancevk97bsw3mpak6v7pb7g25kbnvz981b5r1qavk97bsw3mpak6v7pb7g25kbnvz981b5r1qualityvk97bsw3mpak6v7pb7g25kbnvz981b5r1securityvk97bsw3mpak6v7pb7g25kbnvz981b5r1testingvk97bsw3mpak6v7pb7g25kbnvz981b5r1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.