Senior QA

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: senior-qa
Version: 2.1.1

The 'senior-qa' skill bundle is a well-structured set of tools for automating quality assurance tasks in React and Next.js applications. The included Python scripts (test_suite_generator.py, coverage_analyzer.py, and e2e_test_scaffolder.py) perform legitimate static analysis of source code and coverage reports to generate test stubs and identify testing gaps. There is no evidence of malicious intent, data exfiltration, or unauthorized execution; all file operations are restricted to the project directory and align with the stated purpose of improving software quality.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the commands may create or overwrite files in your project and influence test or CI behavior.

Why it was flagged

The skill directs users to run local scripts that scan project files and create test files, which is expected for a QA scaffolding tool but can modify the codebase.

Skill content

python scripts/test_suite_generator.py src/components/ --output __tests__/
...
python scripts/e2e_test_scaffolder.py src/app/ --output e2e/

Recommendation

Run the scripts on a branch or clean working tree, use scoped input/output paths, and review generated diffs before committing.

What this means

If you run this setup command, it can download tooling and change dependencies or configuration in your project.

Why it was flagged

The optional Playwright setup step pulls the latest package initializer, which is purpose-aligned but uses a floating version from the package ecosystem.

Skill content

npm init playwright@latest

Recommendation

Prefer a pinned Playwright version when reproducibility matters, and review package-manager prompts and generated files.

What this means

Using real production accounts or environments in generated E2E tests could expose sessions or mutate real account data.

Why it was flagged

The reference patterns include generated authentication fixtures that log into an app and handle session cookies, which is normal for E2E testing but should be limited to test accounts.

Skill content

await page.request.post('/api/auth/login', { data: { email: testUser.email, password: 'testpassword' } });
...
const cookies = await page.context().cookies();

Recommendation

Use dedicated test users, test passwords, and local or staging environments for generated auth and E2E flows.