Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

qa-browser-tester

Launch a real headless browser on the server and perform exhaustive end-to-end QA testing of a web application — clicking every button, filling every form, n...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 67 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (exhaustive headless-browser QA) aligns with the instructions: environment detection, installing Playwright/Chromium, and an automated test script. Requiring system package installs and probing the runtime environment (which package manager exists, memory, whether inside Docker) is reasonable for this purpose. However, some instructions (e.g., insistence on specific --no-sandbox flags) reduce process isolation and should be considered risky even if justified for Docker/root scenarios.
Instruction Scope
SKILL.md explicitly instructs the agent to run many system commands (apt/apk/curl/get-pip, pip installs), to cat system files (/etc/os-release, /proc/1/cgroup), to print whoami/id, and to report 'ALL output' before proceeding. The test script will click every button and submit every form automatically (including empty/invalid/filled submissions) which can trigger destructive actions (create accounts, send emails, perform deletes or payments) and has no explicit safeguards (dry-run mode, confirmation prompts, whitelist/blacklist, safe HTTP methods, or detection of destructive buttons). Collecting and printing local environment details combined with network installs and automated form submissions increases the chance of unintended or dangerous side effects.
Install Mechanism
This is an instruction-only skill (no bundled install), but the runtime instructions direct the agent to install pip (via get-pip.py if needed), pip-install Playwright, and invoke playwright's Chromium installer which downloads large browser binaries from upstream hosts. Those network downloads and package installs will write to the system and may require root. While expected for browser automation, this is higher-risk than an instruction-only skill that only calls existing, preinstalled tools.
Credentials
The skill does not request credentials or environment variables, which is good. It does, however, instruct reading system files and printing identity information (whoami, id) and system state; these actions are reasonable for environment detection but they expose local system details. The skill's operations (installing packages, running browsers with sandbox disabled) can affect the host and are disproportionate if the user expected a lightweight check.
Persistence & Privilege
The skill is not permanently installed, doesn't declare always:true, and is user-invocable only. It does not request to modify other skills or system-wide agent settings in the provided instructions.
What to consider before installing
This skill will install Playwright/Chromium (potentially by running get-pip.py and pip), run system package installs, disable Chromium's sandbox flags, probe system files, and then automatically click and submit everything it finds on the target site. Those actions can be destructive (create/delete data, send emails, trigger payments) and weaken process isolation (no-sandbox). Only run this on an isolated test or staging environment you control. Before running: (1) set BASE_URL to a safe test target, (2) review and optionally run the Phase 0 commands manually to inspect environment, (3) consider running inside a disposable Docker container or VM with limited network access and snapshots, (4) do not run against production systems with real data/credentials, and (5) ensure you have backups and approval for any automated actions. If you need safer behavior, request a dry-run mode, a whitelist of paths, or confirmation prompts before submissions/clicks.
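The dry-run mode, path whitelist and destructive-button detection suggested above can be combined into one per-action guard that a crawler consults before every click or submit. The following is an added example, not part of the skill or of the scanner output; `Policy`, `Action`, `decide`, the label list and the host `staging.example.test` are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from urllib.parse import urljoin, urlsplit

# Assumed label list for state-changing or irreversible actions; tune per application.
DESTRUCTIVE = re.compile(
    r"\b(delete|remove|destroy|purge|pay|purchase|checkout|buy|send|invite|"
    r"deactivate|reset|revoke|transfer|cancel subscription)\b", re.I)
SAFE_METHODS = {"GET", "HEAD"}

@dataclass(frozen=True)
class Policy:
    allowed_hosts: frozenset
    allowed_prefixes: tuple = ("/",)
    dry_run: bool = True            # log state-changing submits instead of sending them
    allow_destructive: bool = False

@dataclass(frozen=True)
class Action:
    kind: str             # "click" or "submit"
    page_url: str         # page the element was found on
    label: str            # visible text or aria-label
    target: str = ""      # href or form action, possibly relative
    method: str = "GET"   # form method for submits

def in_scope(policy, url):
    """True only for http(s) URLs on an allowed host under an allowed path prefix."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname not in policy.allowed_hosts:
        return False
    path = parts.path or "/"
    return any(path == p or path.startswith(p.rstrip("/") + "/") for p in policy.allowed_prefixes)

def decide(policy, action):
    """Return 'allow', 'log-only' or 'skip:<reason>' for one candidate action."""
    urls = [action.page_url, urljoin(action.page_url, action.target)]
    if not all(in_scope(policy, u) for u in urls):
        return "skip:out-of-scope"
    if DESTRUCTIVE.search(action.label) and not policy.allow_destructive:
        return "skip:destructive-label"
    if action.kind == "submit" and action.method.upper() not in SAFE_METHODS and policy.dry_run:
        return "log-only"
    return "allow"

# Constructed sample actions against a hypothetical staging host.
POLICY = Policy(frozenset({"staging.example.test"}), ("/app",))
SAMPLES = [
    Action("click", "https://staging.example.test/app/users", "Delete account"),
    Action("submit", "https://staging.example.test/app/login", "Sign in", "/app/session", "POST"),
    Action("click", "https://staging.example.test/app/", "Next page"),
    Action("submit", "https://staging.example.test/app/q", "Search", "https://prod.example.test/q"),
]

if __name__ == "__main__":
    for a in SAMPLES:
        print(f"{decide(POLICY, a):24} {a.kind:6} {a.label}")
```

Label matching is a heuristic: an icon-only or oddly worded button passes it, so the host and path scope and the dry-run default remain the primary controls.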

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latestvk977qr777rn559n8cyertshygd836vcz

SKILL.md

QA Browser Tester

Exhaustive automated QA testing via headless Chromium browser. Works on bare Linux servers and inside Docker containers.

How to Use This Skill

  1. Read this file fully before starting
  2. Follow the phases IN ORDER — never skip Phase 0 or Phase 1
  3. See references/docker-setup.md for Docker-specific install instructions
  4. See references/test-phases.md for the full test script

PHASE 0 — DETECT ENVIRONMENT

Run these commands and report ALL output before doing anything else:

cat /etc/os-release 2>/dev/null | head -3
cat /proc/1/cgroup | grep -i docker && echo "YES: inside Docker" || echo "not in Docker"
whoami && id
which apt-get apk yum 2>/dev/null || echo "no package manager found"
python3 --version 2>/dev/null || echo "no python3"
pip3 --version 2>/dev/null || echo "no pip3"
node --version 2>/dev/null || echo "no node"
python3 -c "import playwright; print('playwright already installed')" 2>/dev/null || echo "playwright NOT installed"
which chromium chromium-browser google-chrome 2>/dev/null || echo "no browser binary"
df -h / | tail -1
curl -s --max-time 5 https://pypi.org > /dev/null && echo "internet OK" || echo "NO INTERNET"

→ If inside Docker, read references/docker-setup.md before proceeding.
→ If on bare Linux, continue to Phase 1 directly.


PHASE 1 — INSTALL PLAYWRIGHT

Standard Linux (apt available):

apt-get update -qq && apt-get install -y python3-pip curl -qq
pip3 install playwright
python3 -m playwright install chromium
python3 -m playwright install-deps chromium

Alpine (apk available):

apk add --no-cache chromium nss freetype harfbuzz ca-certificates ttf-freefont python3 py3-pip
pip3 install playwright
export PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH=$(which chromium-browser || which chromium)
python3 -m playwright install chromium

No package manager / no pip:

curl https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py
python3 /tmp/get-pip.py
pip3 install playwright
python3 -m playwright install chromium
python3 -m playwright install-deps chromium

PHASE 2 — VERIFY BROWSER WORKS

⚠️ CRITICAL: On any Linux server or Docker container, Chromium MUST be launched with these exact flags or it will crash:

--no-sandbox
--disable-dev-shm-usage
--disable-gpu
--disable-setuid-sandbox
--single-process

Run this verification test:

python3 << 'EOF'
from playwright.sync_api import sync_playwright

DOCKER_ARGS = [
    "--no-sandbox",
    "--disable-dev-shm-usage",
    "--disable-gpu",
    "--disable-setuid-sandbox",
    "--single-process",
]

with sync_playwright() as p:
    browser = p.chromium.launch(headless=True, args=DOCKER_ARGS)
    page = browser.new_page()
    page.goto("https://example.com", wait_until="networkidle")
    print(f"✅ Browser OK — title: {page.title()}")
    browser.close()
EOF

✅ SUCCESS → continue to Phase 3
❌ FAILURE → report exact error, stop, do not proceed


PHASE 3 — RUN EXHAUSTIVE TESTS

Read references/test-phases.md for the complete test script.

Set the target URL before running:

BASE_URL = "https://your-app-url-here.com"   # ← change this

Create screenshot directory:

mkdir -p /tmp/qa_screenshots

PHASE 4 — PRODUCE FINAL REPORT

After tests complete:

ls -la /tmp/qa_screenshots/

Then output this report:

## QA EXHAUSTIVE TEST REPORT
Date/Time: [timestamp]
Target URL: [url]
Environment: Docker / Linux

### COVERAGE
Pages visited:      X
Nav items clicked:  X
Buttons clicked:    X
Forms tested:       X
Edge cases run:     X

### BUGS FOUND

🔴 CRITICAL (broken functionality)
1. [page] — [what happened]

🟡 MEDIUM (works but wrong)
1. [page] — [what happened]

🟢 MINOR (cosmetic / UX)
1. [page] — [what happened]

### UNTESTED AREAS
1. [reason why it couldn't be tested]

### SCREENSHOTS SAVED
[list files in /tmp/qa_screenshots/]

### VERDICT: [X/10] — [one sentence summary]

Files

3 total