← 返回 Skills 市场
Qa Patrol
作者
Tahseen-ur Rahman
· GitHub ↗
· v1.0.3
1004
总下载
0
收藏
5
当前安装
4
版本数
在 OpenClaw 中安装
/install qa-patrol
功能描述
Automated QA testing for web apps using local browser automation. Runs entirely on your machine — no data leaves, no cloud services, no external servers. Lev...
安全使用建议
This skill appears to be what it claims: a local QA tool with optional static scans and DB checks. Before installing or running it: (1) Only provide test account credentials and point DATABASE_URL to a non-production/test database. (2) Expect the tool to navigate to the target URL and external services used by your app (e.g., Stripe checkout) — so "nothing leaves" is only true if your target and DB are local/test. (3) Level 3 static analysis will read local repo_path files, so run those scans only in repos you intend to scan. (4) Because this is instruction-only, its behavior depends on the platform's built-in browser/read capabilities — verify you trust the runtime environment. If you need extra assurance, run the skill in an isolated environment (VM/container) and review/edit the provided templates to remove or replace anything you don't want exercised.
功能分析
Type: OpenClaw Skill
Name: qa-patrol
Version: 1.0.3
The skill is classified as suspicious due to its declared high-risk capabilities, despite explicit documentation of benign intent. It requires `read` permission to scan local files (`repo_path: ./src`) for static analysis, can connect to and execute arbitrary SQL queries against a user-provided database (`DATABASE_URL`), and can make arbitrary HTTP requests (`type: api_check` in `payments-stripe.yaml`). While the `SKILL.md` and `references/bug-patterns.md` files repeatedly emphasize that these features are for *detecting* issues in the user's *own codebase* (e.g., exposed API keys) and that no data leaves the machine, these capabilities are inherently powerful and could be misused by a malicious user or exploited if the agent were compromised. There is no evidence of intentional malicious behavior by the skill itself, but the broad access to local files, databases, and network makes it more than benign.
能力评估
Purpose & Capability
Name/description, templates, and runtime instructions all describe local browser automation, optional static analysis, and optional DB checks. The optional env vars (test account creds, DATABASE_URL) and repo_path are appropriate for those features.
Instruction Scope
SKILL.md is explicit about levels and what will be accessed. One mismatch to note: the doc repeatedly states "nothing is sent to external servers," but tests may navigate to third-party domains (e.g., checkout.stripe.com) and the webhook/api_check templates perform HTTP requests; if your app or DB is remote those network interactions will contact external endpoints. The instructions also reference many optional env vars and local repo paths (for Level 3) — reasonable for the stated functionality but worth being aware of.
Install Mechanism
Instruction-only skill with no install spec and no bundled executables. No downloads or extracted archives — lowest install risk.
Credentials
Env vars requested in SKILL.md are optional test credentials and DATABASE_URL, which align with auth/payment and DB integrity testing. The registry metadata lists no required env vars (meaning none are mandatory) — SKILL.md references optional env vars rather than declaring required secrets. This is proportionate, but you should avoid supplying production credentials.
Persistence & Privilege
always:false and no install hooks or config-writing behavior in the skill. It does not request permanent platform presence or modify other skills' configs per the provided files.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install qa-patrol - 安装完成后,直接呼叫该 Skill 的名称或使用
/qa-patrol触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
v1.0.3: Fix registry metadata — removed unsupported nested objects causing [object Object], moved env/permissions docs to body, clarified read permission is Level 3 only
v1.0.2
v1.0.2: Clarify local execution language for security scanner
v1.0.1
- Added `version: 1.0.1` and detailed metadata to SKILL.md, including permissions and environment variable documentation.
- Improved security and privacy documentation, clarifying sandboxed execution, secrets handling, and user control.
- Updated environment variable references and descriptions in both skill metadata and test plan examples.
- Clarified that advanced features (static analysis, data integrity checks) are optional and require explicit configuration.
- Enhanced documentation for bug pattern detection, emphasizing detection (not exploitation) and alignment with standard security tools.
v1.0.0
qa-patrol 1.0.0 – Initial Release
- Automates QA testing for web apps using browser automation and structured YAML test plans.
- Supports testing of Supabase/Firebase auth flows, Stripe payments, React Native Web, Next.js, and SPAs.
- Offers zero-config smoke tests, customizable test plans, and prebuilt templates for common stacks and flows.
- Executes multi-stage workflows: plan generation/loading, browser-driven test execution, detection of common bug patterns, data integrity checks, and reporting.
- Structured report includes summary, failures with evidence, actionable recommendations, and confidence scoring based on coverage and results.
- Provides flexible configuration of auth providers, payment workflows, static analysis patterns, and dynamic variable interpolation.
元数据
常见问题
Qa Patrol 是什么?
Automated QA testing for web apps using local browser automation. Runs entirely on your machine — no data leaves, no cloud services, no external servers. Lev... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1004 次。
如何安装 Qa Patrol?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install qa-patrol」即可一键安装,无需额外配置。
Qa Patrol 是免费的吗?
是的,Qa Patrol 完全免费(开源免费),可自由下载、安装和使用。
Qa Patrol 支持哪些平台?
Qa Patrol 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Qa Patrol?
由 Tahseen-ur Rahman(@tahseen137)开发并维护,当前版本 v1.0.3。
推荐 Skills