Visual Qa
Author: Kevin Bolander · GitHub · v1.0.0 · MIT-0
Total downloads: 230
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install visual-qa
Description
Perform pixel-level visual regression testing on web apps by capturing, comparing screenshots, and gating deployments based on configurable similarity thresh...
Security usage recommendations
This skill appears to do what it claims: capture screenshots with Playwright, compare them with Pillow, and gate on similarity. Before installing or running it: (1) ensure Playwright and Pillow are installed and you have Chromium available; (2) review any .visual-qa.json or CLI 'server' command you pass: the tool will execute that command on your machine (capture.start_server uses shell execution), so do not run untrusted configurations; (3) run in an isolated environment or CI runner with limited privileges if you introduce server commands from third parties; (4) note minor platform differences (uses 'cp' for copying diffs) and that the tool will bind/connect to localhost ports to start/verify the app.
Functional analysis
Type: OpenClaw Skill
Name: visual-qa
Version: 1.0.0
The visual-qa skill bundle contains a shell injection vulnerability in scripts/capture.py, where the 'server' command is executed via subprocess.Popen with shell=True without sanitization. While this is intended to allow users to start local development servers (e.g., 'npm run dev'), it could be exploited to execute arbitrary commands if a malicious configuration file is provided. No evidence of intentional malice, data exfiltration, or backdoors was found, and the code logic aligns with the stated purpose of visual regression testing.
Capability assessment
Purpose & Capability
Name/description match the included scripts (capture.py, diff.py, gate.py). Required capabilities (Playwright, Pillow) and behavior (start local server, capture screenshots, pixel diffs) are consistent with a visual QA tool.
Instruction Scope
Instructions stay within the visual testing domain (reading config, capturing pages, comparing images). The scripts will start local servers, open network connections to localhost ports, read/write project files (baseline/current/diff dirs), and execute the user-supplied 'server' command. Running arbitrary server commands is required for the use case but is a potential danger if the config/command comes from an untrusted source.
Install Mechanism
No automated install spec; this is instruction-only and asks the user to pip install Playwright and Pillow and to run Playwright's browser install. No downloads or archive extraction are performed by the skill itself.
Credentials
Skill requests no environment variables or credentials. It does set PORT in the environment when launching a dev server (expected), but it does not read secrets or external credentials. The only notable point: the 'server' argument is executed via shell (capture.start_server uses shell=True), so untrusted server strings could run arbitrary commands—this is functional but a security consideration.
Persistence & Privilege
Skill does not request permanent presence, does not modify other skills, and uses only per-run temporary directories (gate.py uses TemporaryDirectory). It writes baseline/current/diff files into project paths when requested (expected for this tool).
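How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the dialog: /install visual-qa
- Once installation completes, call the Skill by name or trigger it with /visual-qa
- Provide the inputs required by the Skill's parameter description to get structured output
Version history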
v1.0.0
- Initial release of the visual-qa skill: a visual regression testing pipeline for web applications.
- Capture and store baseline screenshots, compare new builds via pixel-level diffing, and gate deployments with configurable similarity thresholds.
- Includes scripts for capturing screenshots (`capture.py`), comparing images (`diff.py`), and an all-in-one gate for CI/CD workflows (`gate.py`).
- Supports config file for managing multiple pages, viewports, and workflow automation.
- Guides provided for setup, usage, CI/CD integration, and troubleshooting.
- Requires Playwright and Pillow as dependencies.
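Frequently asked questions
What is Visual Qa?
Perform pixel-level visual regression testing on web apps by capturing, comparing screenshots, and gating deployments based on configurable similarity thresh... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 230 downloads to date.
How do I install Visual Qa?
Run the command "/install visual-qa" in the OpenClaw or Claude Code dialog to install it in one step; no additional configuration is required.
Is Visual Qa free?
Yes, Visual Qa is completely free. It uses the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does Visual Qa support?
Visual Qa is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Visual Qa?
It is developed and maintained by Kevin Bolander (@kbo4sho); the current version is v1.0.0.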