e2e-test-specialist
PassAudited by ClawScan on May 5, 2026.
Overview
This is a coherent instruction-only E2E testing guide, with normal but powerful testing examples that should be used only in scoped test environments.
This skill appears safe to install as an instruction-only E2E testing helper. Before using generated tests, make sure they target localhost, staging, or isolated test systems; avoid production credentials; and review any database seeding, API mutation, or CI/CD automation before running it.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied into a real project without scoping, generated tests could affect live data or run broad database operations.
The Cypress example exposes database query and seeding tasks. This is common for E2E test setup, but it can modify or inspect application data if used against the wrong environment.
queryDb: (query) => { return queryDatabase(query, config); }, seedDatabase: () => { return seedTestDatabase(config); }Use these patterns only with isolated test databases, restrict task inputs, and require explicit review before running tests against shared or production environments.
A broadly privileged token could let tests create or modify account data if run against the wrong service.
The examples show authenticated API testing with an API token. This is expected for E2E/API tests, but tokens should be scoped and handled carefully.
'Authorization': `Bearer ${Cypress.env('API_TOKEN')}`Use least-privilege test credentials, keep tokens out of committed files and logs, and separate test/staging credentials from production credentials.