← Back to Skills Marketplace
daxiangnaoyang

Daxiang Dogfood

by daxiangnaoyang · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
83
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install daxiang-dogfood
Description
Systematically explore and test a web application to find bugs, UX issues, and other problems. Use when asked to "dogfood", "QA", "exploratory test", "find i...
README (SKILL.md)

Dogfood

Systematically explore a web application, find issues, and produce a report with full reproduction evidence for every finding.

Setup

Only the Target URL is required. Everything else has sensible defaults -- use them unless the user explicitly provides an override.

Parameter Default Example override
Target URL (required) vercel.com, http://localhost:3000
Session name Slugified domain (e.g., vercel.com -> vercel-com) --session my-session
Output directory ./dogfood-output/ Output directory: /tmp/qa
Scope Full app Focus on the billing page
Authentication None Sign in to [email protected]

If the user says something like "dogfood vercel.com", start immediately with defaults. Do not ask clarifying questions unless authentication is mentioned but credentials are missing.

Always use agent-browser directly -- never npx agent-browser. The direct binary uses the fast Rust client. npx routes through Node.js and is significantly slower.

Workflow

1. Initialize    Set up session, output dirs, report file
2. Authenticate  Sign in if needed, save state
3. Orient        Navigate to starting point, take initial snapshot
4. Explore       Systematically visit pages and test features
5. Document      Screenshot + record each issue as found
6. Wrap up       Update summary counts, close session

1. Initialize

mkdir -p {OUTPUT_DIR}/screenshots {OUTPUT_DIR}/videos

Copy the report template into the output directory and fill in the header fields:

cp {SKILL_DIR}/templates/dogfood-report-template.md {OUTPUT_DIR}/report.md

Start a named session:

agent-browser --session {SESSION} open {TARGET_URL}
agent-browser --session {SESSION} wait --load networkidle

2. Authenticate

If the app requires login:

agent-browser --session {SESSION} snapshot -i
# Identify login form refs, fill credentials
agent-browser --session {SESSION} fill @e1 "{EMAIL}"
agent-browser --session {SESSION} fill @e2 "{PASSWORD}"
agent-browser --session {SESSION} click @e3
agent-browser --session {SESSION} wait --load networkidle

For OTP/email codes: ask the user, wait for their response, then enter the code.

After successful login, save state for potential reuse:

agent-browser --session {SESSION} state save {OUTPUT_DIR}/auth-state.json

3. Orient

Take an initial annotated screenshot and snapshot to understand the app structure:

agent-browser --session {SESSION} screenshot --annotate {OUTPUT_DIR}/screenshots/initial.png
agent-browser --session {SESSION} snapshot -i

Identify the main navigation elements and map out the sections to visit.

4. Explore

Read references/issue-taxonomy.md for the full list of what to look for and the exploration checklist.

Strategy -- work through the app systematically:

  • Start from the main navigation. Visit each top-level section.
  • Within each section, test interactive elements: click buttons, fill forms, open dropdowns/modals.
  • Check edge cases: empty states, error handling, boundary inputs.
  • Try realistic end-to-end workflows (create, edit, delete flows).
  • Check the browser console for errors periodically.

At each page:

agent-browser --session {SESSION} snapshot -i
agent-browser --session {SESSION} screenshot --annotate {OUTPUT_DIR}/screenshots/{page-name}.png
agent-browser --session {SESSION} errors
agent-browser --session {SESSION} console

Use your judgment on how deep to go. Spend more time on core features and less on peripheral pages. If you find a cluster of issues in one area, investigate deeper.

5. Document Issues (Repro-First)

Steps 4 and 5 happen together -- explore and document in a single pass. When you find an issue, stop exploring and document it immediately before moving on. Do not explore the whole app first and document later.

Every issue must be reproducible. When you find something wrong, do not just note it -- prove it with evidence. The goal is that someone reading the report can see exactly what happened and replay it.

Choose the right level of evidence for the issue:

Interactive / behavioral issues (functional, ux, console errors on action)

These require user interaction to reproduce -- use full repro with video and step-by-step screenshots:

  1. Start a repro video before reproducing:
agent-browser --session {SESSION} record start {OUTPUT_DIR}/videos/issue-{NNN}-repro.webm
  1. Walk through the steps at human pace. Pause 1-2 seconds between actions so the video is watchable. Take a screenshot at each step:
agent-browser --session {SESSION} screenshot {OUTPUT_DIR}/screenshots/issue-{NNN}-step-1.png
sleep 1
# Perform action (click, fill, etc.)
sleep 1
agent-browser --session {SESSION} screenshot {OUTPUT_DIR}/screenshots/issue-{NNN}-step-2.png
sleep 1
# ...continue until the issue manifests
  1. Capture the broken state. Pause so the viewer can see it, then take an annotated screenshot:
sleep 2
agent-browser --session {SESSION} screenshot --annotate {OUTPUT_DIR}/screenshots/issue-{NNN}-result.png
  1. Stop the video:
agent-browser --session {SESSION} record stop
  1. Write numbered repro steps in the report, each referencing its screenshot.

Static / visible-on-load issues (typos, placeholder text, clipped text, misalignment, console errors on load)

These are visible without interaction -- a single annotated screenshot is sufficient. No video, no multi-step repro:

agent-browser --session {SESSION} screenshot --annotate {OUTPUT_DIR}/screenshots/issue-{NNN}.png

Write a brief description and reference the screenshot in the report. Set Repro Video to N/A.

For all issues:

  1. Append to the report immediately. Do not batch issues for later. Write each one as you find it so nothing is lost if the session is interrupted.

  2. Increment the issue counter (ISSUE-001, ISSUE-002, ...).

6. Wrap Up

Aim to find 5-10 well-documented issues, then wrap up. Depth of evidence matters more than total count -- 5 issues with full repro beats 20 with vague descriptions.

After exploring:

  1. Re-read the report and update the summary severity counts so they match the actual issues. Every ### ISSUE- block must be reflected in the totals.
  2. Close the session:
agent-browser --session {SESSION} close
  1. Tell the user the report is ready and summarize findings: total issues, breakdown by severity, and the most critical items.

Guidance

  • Repro is everything. Every issue needs proof -- but match the evidence to the issue. Interactive bugs need video and step-by-step screenshots. Static bugs (typos, placeholder text, visual glitches visible on load) only need a single annotated screenshot.
  • Verify reproducibility before collecting evidence. Before recording video or taking screenshots, verify the issue is reproducible with at least one retry. If it can't be reproduced consistently, it's not a valid issue.
  • Don't record video for static issues. A typo or clipped text doesn't benefit from a video. Save video for issues that involve user interaction, timing, or state changes.
  • For interactive issues, screenshot each step. Capture the before, the action, and the after -- so someone can see the full sequence.
  • Write repro steps that map to screenshots. Each numbered step in the report should reference its corresponding screenshot. A reader should be able to follow the steps visually without touching a browser.
  • Use the right snapshot command.
    • snapshot -i �?for finding clickable/fillable elements (buttons, inputs, links)
    • snapshot (no flag) �?for reading page content (text, headings, data lists)
  • Be thorough but use judgment. You are not following a test script -- you are exploring like a real user would. If something feels off, investigate.
  • Write findings incrementally. Append each issue to the report as you discover it. If the session is interrupted, findings are preserved. Never batch all issues for the end.
  • Never delete output files. Do not rm screenshots, videos, or the report mid-session. Do not close the session and restart. Work forward, not backward.
  • Never read the target app's source code. You are testing as a user, not auditing code. Do not read HTML, JS, or config files of the app under test. All findings must come from what you observe in the browser.
  • Check the console. Many issues are invisible in the UI but show up as JS errors or failed requests.
  • Test like a user, not a robot. Try common workflows end-to-end. Click things a real user would click. Enter realistic data.
  • Type like a human. When filling form fields during video recording, use type instead of fill -- it types character-by-character. Use fill only outside of video recording when speed matters.
  • Pace repro videos for humans. Add sleep 1 between actions and sleep 2 before the final result screenshot. Videos should be watchable at 1x speed -- a human reviewing the report needs to see what happened, not a blur of instant state changes.
  • Be efficient with commands. Batch multiple agent-browser commands in a single shell call when they are independent (e.g., agent-browser ... screenshot ... && agent-browser ... console). Use agent-browser --session {SESSION} scroll down 300 for scrolling -- do not use key or evaluate to scroll.

References

Reference When to Read
references/issue-taxonomy.md Start of session -- calibrate what to look for, severity levels, exploration checklist

Templates

Template Purpose
templates/dogfood-report-template.md Copy into output directory as the report file
Usage Guidance
This skill appears coherent for QA dogfooding, but be cautious about what you test and where: only run it against apps you own or have explicit permission to test. The tool records screenshots, videos, and saved auth state (cookies/tokens) into the output directory — those artifacts can contain sensitive data, so secure or delete them after use. Prefer using throwaway/test accounts or ephemeral credentials for authenticated sessions. Note a small inconsistency: SKILL.md advises using the direct agent-browser binary (fast Rust client) but allowed-tools includes an npx variant; this is likely benign but you may want to confirm which binary the agent will actually invoke. If you do not want the agent to run autonomously against live hosts, avoid invoking the skill or restrict its use to manual runs.
Capability Analysis
Type: OpenClaw Skill Name: daxiang-dogfood Version: 1.0.0 The skill bundle is designed for exploratory web testing but contains potential shell injection vulnerabilities in SKILL.md. Specifically, variables like {OUTPUT_DIR} and {TARGET_URL} are used in shell commands without consistent quoting (e.g., in 'mkdir' and 'agent-browser' calls), which could allow for arbitrary command execution if provided with malicious input. Additionally, the skill saves sensitive authentication states to the local file system (auth-state.json), which is a common but risky practice in browser automation.
Capability Assessment
Purpose & Capability
Name/description (web app exploratory testing) match the instructions and bundled templates. The skill is instruction-only and relies on agent-browser to drive a browser and produce screenshots/videos/repro steps, which is expected for this purpose.
Instruction Scope
Instructions are explicit and scoped to testing: initializing a session, authenticating (if provided), navigating pages, taking snapshots, recording videos, saving state, and writing a report. This is within purpose, but the instructions direct the agent to capture potentially sensitive artifacts (screenshots, videos, saved auth-state JSON) and to save them to disk — the user should expect sensitive data to be stored in the output directory.
Install Mechanism
There is no install spec and no code files to execute; the skill is instruction-only. This minimizes install-time risk.
Credentials
The skill declares no required environment variables or credentials, but it explicitly instructs the agent to accept credentials when the user provides them and to save auth state. That behavior is appropriate for testing authenticated apps but means credentials/session tokens may be written to disk — users should only provide credentials they control and secure the output directory.
Persistence & Privilege
always is false, and the skill does not request elevated platform persistence or modify other skills. It only writes files within the output directory it creates.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install daxiang-dogfood
  3. After installation, invoke the skill by name or use /daxiang-dogfood
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the dogfood skill to systematically QA web applications. - Automates exploratory testing and bug hunting for any web app via agent-browser. - Produces detailed, reproducible reports with step-by-step screenshots, videos, and full repro instructions for each issue. - Supports authentication workflows and saving authenticated state. - Includes systematic workflow: initialize, authenticate, explore, and document issues as they are found. - Prioritizes actionable evidence for every bug, tailored by issue type (interactive or static). - Designed for immediate use—requires only a target URL to start testing.
Metadata
Slug daxiang-dogfood
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Daxiang Dogfood?

Systematically explore and test a web application to find bugs, UX issues, and other problems. Use when asked to "dogfood", "QA", "exploratory test", "find i... It is an AI Agent Skill for Claude Code / OpenClaw, with 83 downloads so far.

How do I install Daxiang Dogfood?

Run "/install daxiang-dogfood" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Daxiang Dogfood free?

Yes, Daxiang Dogfood is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Daxiang Dogfood support?

Daxiang Dogfood is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Daxiang Dogfood?

It is built and maintained by daxiangnaoyang (@daxiangnaoyang); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments