shifulegend

QA Architecture Auditor

by ssshhh · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
292 Downloads
0 Stars
0 Active Installs
1 Versions
Install in OpenClaw
/install qa-architecture-auditor
Description
Perform forensic-level codebase analysis and generate comprehensive Quality Assurance and Testing Strategy Reports. Acts as Independent Principal QA Architec...
Usage Guidance
This skill appears internally consistent and implements a local forensic QA analyzer. Before running it: (1) point it at the exact repository path or git URL you intend to analyze (don’t pass root or unrelated directories), (2) be aware that if you analyze a private remote repo git will use your SSH keys or HTTPS token for authentication, and (3) if you have sensitive/proprietary code you may want to inspect scripts/analyze_repo.py yourself (it is included) to confirm behavior. The code shows some minor duplication/inefficiencies but no signs of hidden network calls or credential exfiltration beyond normal git operations. If you need higher assurance, review the full Python script line-by-line or run it in a sandboxed environment first.
Capability Analysis
Type: OpenClaw Skill
Name: qa-architecture-auditor
Version: 1.1.0
The qa-architecture-auditor skill is a static analysis tool designed to perform forensic codebase reviews and generate QA strategy reports. While its core functionality is aligned with its stated purpose, the script 'scripts/analyze_repo.py' is classified as suspicious due to a lack of output sanitization during HTML report generation. Specifically, repository metadata such as file paths and module names are inserted directly into the HTML template without escaping, creating a Cross-Site Scripting (XSS) vulnerability if the tool is used to analyze a maliciously crafted repository. No evidence of intentional harmful behavior or data exfiltration was identified.
Capability Assessment
Purpose & Capability
The name/description (forensic QA/codebase analysis) aligns with the provided artifacts: a Python analysis script and comprehensive references. Required binaries (python3, git) are reasonable and expected for cloning and local analysis. No unrelated services, env vars, or credentials are requested.
Instruction Scope
SKILL.md limits runtime actions to cloning/fetching a repo and local analysis; the included script's top-level security manifest matches that. One thing to note: the analyzer recursively reads files under the provided path, so if a user points it at a directory other than a repository (e.g., '/'), it will scan those files too. This is expected behavior for a repo analyzer but users should ensure they pass the intended repo path.
Install Mechanism
There is no install spec; this is instruction + bundled Python script only (no downloads or archive extraction). That is the lowest-risk install model and consistent with the skill's purpose.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md and script state outward network usage is limited to git operations (cloning/fetching) when a remote URL is analyzed — this is proportionate to the stated functionality. Private repo auth is user-supplied via git (SSH keys or HTTPS token), which the doc explicitly calls out.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and does not attempt to modify other skills or system-wide settings. It writes only the specified report file. Autonomous invocation of the skill is allowed by platform defaults but not escalated by the skill itself.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install qa-architecture-auditor
  3. After installation, invoke the skill by name or use /qa-architecture-auditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Major fix for detection logic and methodology restoration
Metadata
Slug qa-architecture-auditor
Version 1.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is QA Architecture Auditor?

Perform forensic-level codebase analysis and generate comprehensive Quality Assurance and Testing Strategy Reports. Acts as Independent Principal QA Architec... It is an AI Agent Skill for Claude Code / OpenClaw, with 292 downloads so far.

How do I install QA Architecture Auditor?

Run "/install qa-architecture-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is QA Architecture Auditor free?

Yes, QA Architecture Auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does QA Architecture Auditor support?

QA Architecture Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created QA Architecture Auditor?

It is built and maintained by ssshhh (@shifulegend); the current version is v1.1.0.
