← Back to Skills Marketplace
Visual Qa
by
Kevin Bolander
· GitHub ↗
· v1.0.0
· MIT-0
230
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install visual-qa
Description
Perform pixel-level visual regression testing on web apps by capturing, comparing screenshots, and gating deployments based on configurable similarity thresh...
Usage Guidance
This skill appears to do what it claims: capture screenshots with Playwright, compare them with Pillow, and gate on similarity. Before installing or running it: (1) ensure Playwright/pillow are installed and you have Chromium available; (2) review any .visual-qa.json or CLI 'server' command you pass—the tool will execute that command on your machine (capture.start_server uses shell execution), so do not run untrusted configurations; (3) run in an isolated environment or CI runner with limited privileges if you introduce server commands from third parties; (4) note minor platform differences (uses 'cp' for copying diffs) and that the tool will bind/connect to localhost ports to start/verify the app.
Capability Analysis
Type: OpenClaw Skill
Name: visual-qa
Version: 1.0.0
The visual-qa skill bundle contains a shell injection vulnerability in scripts/capture.py, where the 'server' command is executed via subprocess.Popen with shell=True without sanitization. While this is intended to allow users to start local development servers (e.g., 'npm run dev'), it could be exploited to execute arbitrary commands if a malicious configuration file is provided. No evidence of intentional malice, data exfiltration, or backdoors was found, and the code logic aligns with the stated purpose of visual regression testing.
Capability Assessment
Purpose & Capability
Name/description match the included scripts (capture.py, diff.py, gate.py). Required capabilities (Playwright, Pillow) and behavior (start local server, capture screenshots, pixel diffs) are consistent with a visual QA tool.
Instruction Scope
Instructions stay within the visual testing domain (reading config, capturing pages, comparing images). The scripts will start local servers, open network connections to localhost ports, read/write project files (baseline/current/diff dirs), and execute the user-supplied 'server' command. Running arbitrary server commands is required for the use case but is a potential danger if the config/command comes from an untrusted source.
Install Mechanism
No automated install spec; this is instruction-only and asks the user to pip install Playwright and Pillow and to run Playwright's browser install. No downloads or archive extraction are performed by the skill itself.
Credentials
Skill requests no environment variables or credentials. It does set PORT in the environment when launching a dev server (expected), but it does not read secrets or external credentials. The only notable point: the 'server' argument is executed via shell (capture.start_server uses shell=True), so untrusted server strings could run arbitrary commands—this is functional but a security consideration.
Persistence & Privilege
Skill does not request permanent presence, does not modify other skills, and uses only per-run temporary directories (gate.py uses TemporaryDirectory). It writes baseline/current/diff files into project paths when requested (expected for this tool).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install visual-qa - After installation, invoke the skill by name or use
/visual-qa - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the visual-qa skill: a visual regression testing pipeline for web applications.
- Capture and store baseline screenshots, compare new builds via pixel-level diffing, and gate deployments with configurable similarity thresholds.
- Includes scripts for capturing screenshots (`capture.py`), comparing images (`diff.py`), and an all-in-one gate for CI/CD workflows (`gate.py`).
- Supports config file for managing multiple pages, viewports, and workflow automation.
- Guides provided for setup, usage, CI/CD integration, and troubleshooting.
- Requires Playwright and Pillow as dependencies.
Metadata
Frequently Asked Questions
What is Visual Qa?
Perform pixel-level visual regression testing on web apps by capturing, comparing screenshots, and gating deployments based on configurable similarity thresh... It is an AI Agent Skill for Claude Code / OpenClaw, with 230 downloads so far.
How do I install Visual Qa?
Run "/install visual-qa" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Visual Qa free?
Yes, Visual Qa is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Visual Qa support?
Visual Qa is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Visual Qa?
It is built and maintained by Kevin Bolander (@kbo4sho); the current version is v1.0.0.
More Skills