Browser QA
v1.0.1Automate visual testing and UI interaction verification. 4-phase methodology: smoke test (console errors, network status, Web Vitals), interaction test (form...
⭐ 0· 19·0 current·0 all-time
byDeonte Cooper@djc00p
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name and description (automated visual testing, interaction checks, accessibility) match the SKILL.md and reference docs. However, the skill references tooling (Playwright, Puppeteer, axe-core, and 'claude-in-chrome') and includes example code/snippets that imply Node/npm usage and a local Chrome instance, yet the registry metadata declares no required binaries, packages, or env vars. This mismatch is explainable for an instruction-only guide but worth noting: the skill will realistically need browser automation tooling present.
Instruction Scope
Instructions stay within QA scope (navigate pages, capture console/network, take screenshots, run axe-core, test auth flows). They do not instruct reading arbitrary files or contacting unknown endpoints. One important scope consideration: the guidance recommends using a real Chrome instance ('claude-in-chrome') and testing auth flows; that can access local browser profile, cookies, and authenticated sessions if used — a privacy/attack surface consideration even though it is coherent with testing authenticated journeys.
Install Mechanism
There is no install spec and no code files to run; the skill is instruction-only. This is the lowest install risk. References include example npm commands (e.g., installing @axe-core/react) and Playwright example code, which implies the operator will install packages themselves; that is expected for an instructions-only QA guide.
Credentials
The skill requests no environment variables or credentials. Practically, many of the suggested tests (auth flow, staging tests) require test credentials or access to a staging environment; those are not requested by the skill. Also, using the user's local Chrome for tests can expose cookies or other session data — the skill does not request them explicitly, but the operational guidance implies access to sensitive local browser state. This is a proportionality note, not a direct contradiction.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not claim to modify other agent configurations. It is user-invocable and can be run autonomously per platform defaults; nothing in the package requests elevated privileges or persistent/system-wide changes.
Assessment
This is an instruction-only QA methodology and is coherent with its description, but before running it you should: (1) ensure you have the required tooling (Playwright/Puppeteer/axe-core or an appropriate browser automation setup) installed in a controlled environment; (2) avoid running tests against production with your real Chrome profile — use a dedicated test profile or a headless browser to prevent accidental access to cookies/session data; (3) provide only test/staging credentials (never leak real user credentials) if you need to validate auth flows; (4) review any npm packages the agent suggests installing yourself before executing installs; and (5) if you plan to allow autonomous runs, accept that automation using your local browser may touch local data — prefer isolated CI/staging environments for sensitive sites.Like a lobster shell, security has layers — review code before you run it.
latestvk97e26bzpfepvbyzydt8ckpa5984bc23
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧪 Clawdis
OSLinux · macOS · Windows