← Back to Skills Marketplace
tahseen137

Qa Patrol

by Tahseen-ur Rahman · GitHub ↗ · v1.0.3
cross-platform ⚠ suspicious
1004
Downloads
0
Stars
5
Active Installs
4
Versions
Install in OpenClaw
/install qa-patrol
Description
Automated QA testing for web apps using local browser automation. Runs entirely on your machine — no data leaves, no cloud services, no external servers. Lev...
Usage Guidance
This skill appears to be what it claims: a local QA tool with optional static scans and DB checks. Before installing or running it: (1) Only provide test account credentials and point DATABASE_URL to a non-production/test database. (2) Expect the tool to navigate to the target URL and external services used by your app (e.g., Stripe checkout) — so "nothing leaves" is only true if your target and DB are local/test. (3) Level 3 static analysis will read local repo_path files, so run those scans only in repos you intend to scan. (4) Because this is instruction-only, its behavior depends on the platform's built-in browser/read capabilities — verify you trust the runtime environment. If you need extra assurance, run the skill in an isolated environment (VM/container) and review/edit the provided templates to remove or replace anything you don't want exercised.
Capability Analysis
Type: OpenClaw Skill Name: qa-patrol Version: 1.0.3 The skill is classified as suspicious due to its declared high-risk capabilities, despite explicit documentation of benign intent. It requires `read` permission to scan local files (`repo_path: ./src`) for static analysis, can connect to and execute arbitrary SQL queries against a user-provided database (`DATABASE_URL`), and can make arbitrary HTTP requests (`type: api_check` in `payments-stripe.yaml`). While the `SKILL.md` and `references/bug-patterns.md` files repeatedly emphasize that these features are for *detecting* issues in the user's *own codebase* (e.g., exposed API keys) and that no data leaves the machine, these capabilities are inherently powerful and could be misused by a malicious user or exploited if the agent were compromised. There is no evidence of intentional malicious behavior by the skill itself, but the broad access to local files, databases, and network makes it more than benign.
Capability Assessment
Purpose & Capability
Name/description, templates, and runtime instructions all describe local browser automation, optional static analysis, and optional DB checks. The optional env vars (test account creds, DATABASE_URL) and repo_path are appropriate for those features.
Instruction Scope
SKILL.md is explicit about levels and what will be accessed. One mismatch to note: the doc repeatedly states "nothing is sent to external servers," but tests may navigate to third-party domains (e.g., checkout.stripe.com) and the webhook/api_check templates perform HTTP requests; if your app or DB is remote those network interactions will contact external endpoints. The instructions also reference many optional env vars and local repo paths (for Level 3) — reasonable for the stated functionality but worth being aware of.
Install Mechanism
Instruction-only skill with no install spec and no bundled executables. No downloads or extracted archives — lowest install risk.
Credentials
Env vars requested in SKILL.md are optional test credentials and DATABASE_URL, which align with auth/payment and DB integrity testing. The registry metadata lists no required env vars (meaning none are mandatory) — SKILL.md references optional env vars rather than declaring required secrets. This is proportionate, but you should avoid supplying production credentials.
Persistence & Privilege
always:false and no install hooks or config-writing behavior in the skill. It does not request permanent platform presence or modify other skills' configs per the provided files.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install qa-patrol
  3. After installation, invoke the skill by name or use /qa-patrol
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
v1.0.3: Fix registry metadata — removed unsupported nested objects causing [object Object], moved env/permissions docs to body, clarified read permission is Level 3 only
v1.0.2
v1.0.2: Clarify local execution language for security scanner
v1.0.1
- Added `version: 1.0.1` and detailed metadata to SKILL.md, including permissions and environment variable documentation. - Improved security and privacy documentation, clarifying sandboxed execution, secrets handling, and user control. - Updated environment variable references and descriptions in both skill metadata and test plan examples. - Clarified that advanced features (static analysis, data integrity checks) are optional and require explicit configuration. - Enhanced documentation for bug pattern detection, emphasizing detection (not exploitation) and alignment with standard security tools.
v1.0.0
qa-patrol 1.0.0 – Initial Release - Automates QA testing for web apps using browser automation and structured YAML test plans. - Supports testing of Supabase/Firebase auth flows, Stripe payments, React Native Web, Next.js, and SPAs. - Offers zero-config smoke tests, customizable test plans, and prebuilt templates for common stacks and flows. - Executes multi-stage workflows: plan generation/loading, browser-driven test execution, detection of common bug patterns, data integrity checks, and reporting. - Structured report includes summary, failures with evidence, actionable recommendations, and confidence scoring based on coverage and results. - Provides flexible configuration of auth providers, payment workflows, static analysis patterns, and dynamic variable interpolation.
Metadata
Slug qa-patrol
Version 1.0.3
License
All-time Installs 7
Active Installs 5
Total Versions 4
Frequently Asked Questions

What is Qa Patrol?

Automated QA testing for web apps using local browser automation. Runs entirely on your machine — no data leaves, no cloud services, no external servers. Lev... It is an AI Agent Skill for Claude Code / OpenClaw, with 1004 downloads so far.

How do I install Qa Patrol?

Run "/install qa-patrol" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Qa Patrol free?

Yes, Qa Patrol is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Qa Patrol support?

Qa Patrol is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Qa Patrol?

It is built and maintained by Tahseen-ur Rahman (@tahseen137); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments