Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub · Developer Tools
Qa Patrol
Automated QA testing for web apps using local browser automation. Runs entirely on your machine — no data leaves, no cloud services, no external servers. Lev...
skill openclawclawhub Free
Automated QA testing for web apps using local browser automation. Runs entirely on your machine — no data leaves, no cloud services, no external servers. Lev...
⬇ 0 downloads ★ 0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- SKILL.md, assets/examples/rewardly.yaml, assets/templates/auth-supabase.yaml, assets/templates/basic.yaml, assets/templates/full-saas.yaml, assets/templates/payments-stripe.yaml
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 1.0.3
Provenance
- Publisher
- tahseen137
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
QA Patrol
Automated QA testing skill for web applications. Catches bugs that unit tests miss: cross-platform issues, auth state problems, data integrity failures, and integration breakages.
Security & Privacy
All tests run locally on your machine. Nothing is sent to external servers. The browser automation uses OpenClaw's built-in browser control — no cloud services involved.
Permissions by Level
LevelWhat it doesPermissions neededEnv vars needed1 — SmokeLoads pages, checks for errorsbrowser onlyAPP_URL (or pass --url)2 — Auth/PaymentsTests sign-in, checkout flowsbrowser onlyTest account credentials (see below)3 — Static AnalysisScans local source code for bug patternsbrowser + readNone (uses local repo_path)3 — DB IntegrityCompares DB values to UI displaybrowserDATABASE_URL The read permission is ONLY needed for Level 3 static analysis. Level 1 and Level 2 tests use browser automation exclusively. If you only run Level 1/2 tests, the skill never accesses local files.
Environment Variables (all optional)
VariableRequiredUsed byPurposeAPP_URLNoLevel 1+Target app URL (can also use --url flag)ADMIN_EMAILNoLevel 2Admin test account emailADMIN_PASSWORDNoLevel 2Admin test account passwordFREE_EMAILNoLevel 2Free-tier test account emailFREE_PASSWORDNoLevel 2Free-tier test account passwordPRO_EMAILNoLevel 2Pro test account emailPRO_PASSWORDNoLevel 2Pro test account passwordDATABASE_URLNoLevel 3DB connection for data integrity checks ⚠️ Use test credentials only — never supply production passwords or production DATABASE_URL.
Secrets Handling
NEVER hardcode secrets in test plans — always use environment variable interpolation: ${env.ADMIN_PASSWORD} Credentials are read from your local environment at runtime Test plans in this skill's examples use only ${env.VAR} placeholders The skill does not persist, log, or transmit credentials
Security Pattern Detection (Not Exploitation)
The references/bug-patterns.md file contains regex patterns for detecting exposed secrets in codebases (e.g., sk_live_, api_key=). These are detection patterns used to help developers find and fix security issues — they are NOT exploitation tools. This is standard practice in security linters like ESLint, Semgrep, and GitHub's secret scanning.
No Install Scripts, No Code Files
This is an instruction-only skill — it contains no executable code, no install scripts, and no third-party dependencies. The entire security surface is the SKILL.md instructions and OpenClaw's built-in browser/read capabilities.
Level 1: Zero-Config Smoke Test
# Just provide a URL qa-patrol https://example.com
Level 2: With Auth/Payments
# Use a test plan template qa-patrol --plan auth-supabase.yaml --url https://example.com
Level 3: Full Config
# Custom test plan with data integrity checks qa-patrol --plan my-app.yaml
1. Load or Generate Test Plan
If a YAML test plan is provided, load it. Otherwise, generate a basic plan: app: url: <provided URL> name: <extracted from page title> tests: smoke: - name: Homepage loads navigate: / assert: - element_exists: main - no_console_errors: true See assets/templates/ for test plan templates: basic.yaml - Zero-config smoke test auth-supabase.yaml - Supabase auth flows payments-stripe.yaml - Stripe checkout testing full-saas.yaml - Complete SaaS test plan
2. Execute Tests
Run tests in order: smoke → auth → payments → data_integrity → static_analysis. For each test: Navigate to the target URL Execute steps (click, type, wait) Capture snapshot and console logs Evaluate assertions Record PASS/FAIL/SKIP with evidence Browser Automation Patterns # Navigate and snapshot browser(action="navigate", targetUrl="https://example.com/page") browser(action="snapshot") # Form interaction browser(action="act", request={"kind": "click", "ref": "email_input"}) browser(action="act", request={"kind": "type", "ref": "email_input", "text": "user@test.com"}) browser(action="act", request={"kind": "click", "ref": "submit_button"}) # Check console for errors browser(action="console", level="error") See references/test-patterns.md for complete automation patterns.
3. Check for Known Bug Patterns
Scan codebase (if accessible) for anti-patterns: PatternWhat to grepSeverityAlert.alert on webAlert.alert without Platform.OS guardHighLinking in ModalLinking.openURL inside Modal componentHighMissing RLSSupabase queries without proper auth contextHighHardcoded secretsAPI keys in client codeCritical See references/bug-patterns.md for the full catalog.
4. Data Integrity Checks (Level 3)
When data_integrity tests are defined: Execute the DB query (requires DB access) Navigate to the UI path Extract the displayed value Compare against query result Flag mismatches with severity based on % difference
5. Generate Report
Output a structured report: # QA Report: [App Name] **Date**: YYYY-MM-DD HH:MM **URL**: https://example.com **Confidence**: 87% ## Summary | Category | Pass | Fail | Skip | |----------|------|------|------| | Smoke | 5 | 0 | 0 | | Auth | 3 | 1 | 0 | | Payments | 0 | 0 | 2 | ## Failures ### [FAIL] Auth: Session persistence after refresh **Steps**: Sign in → Refresh page → Check auth state **Expected**: User remains signed in **Actual**: Redirected to login page **Evidence**: [screenshot] **Severity**: High ## Recommendations 1. Fix session persistence (likely cookie/localStorage issue) 2. Add Platform.OS guards to Alert.alert calls See references/report-format.md for the complete template.
App Configuration
app: url: https://example.com # Required: base URL name: My App # Optional: display name stack: expo-web # expo-web | nextjs | spa | static
Auth Configuration
auth: provider: supabase # supabase | firebase | auth0 | custom login_path: /auth # Path to login page accounts: admin: email: admin@test.com password: ${ADMIN_PASSWORD} # Use env vars for secrets free: email: free@test.com password: ${FREE_PASSWORD} guest: true # Test anonymous/guest mode
Test Types
Smoke Tests tests: smoke: - name: Homepage loads navigate: / assert: - element_exists: main - no_console_errors: true - no_network_errors: true - name: Navigation works navigate: / steps: - click: { ref: nav_link } - assert: { url_contains: "/target" } Auth Tests tests: auth: - name: Sign in flow steps: - navigate: /auth - type: { ref: email_input, text: "${auth.accounts.free.email}" } - type: { ref: password_input, text: "${auth.accounts.free.password}" } - click: { ref: sign_in_button } - wait: { url_contains: "/home", timeout: 5000 } - assert: { element_exists: "user_avatar" } - name: Sign out flow requires: signed_in steps: - click: { ref: user_menu } - click: { ref: sign_out_button } - assert: { url_contains: "/auth" } - name: Session persistence requires: signed_in steps: - navigate: /home - refresh: true - assert: { element_exists: "user_avatar" } Payment Tests tests: payments: provider: stripe tests: - name: Checkout creation steps: - navigate: /pricing - click: { ref: pro_plan_button } - wait: { url_contains: "checkout.stripe.com", timeout: 10000 } - assert: { element_exists: "cardNumber" } Data Integrity Tests tests: data_integrity: - name: Card count matches query: "SELECT count(*) FROM cards WHERE country='CA'" ui_path: /settings ui_selector: "[data-testid='card-count']" tolerance: 0 # Exact match required - name: Points calculation query: "SELECT points_rate FROM tiers WHERE name='Gold'" ui_path: /calculator ui_selector: ".points-display" tolerance: 0.01 # 1% tolerance Static Analysis tests: static_analysis: scan_path: ./src patterns: - name: Alert.alert without Platform guard grep: "Alert\\.alert" exclude_grep: "Platform\\.OS" severity: high fix_hint: "Wrap in Platform.OS check or use cross-platform alert" - name: Hardcoded API keys grep: "(sk_live_|pk_live_|api_key.*=.*['\"][a-zA-Z0-9]{20,})" severity: critical
Assertions Reference
AssertionDescriptionelement_exists: "ref"Element with ref is in DOMelement_visible: "ref"Element is visibletext_contains: "string"Page contains texturl_contains: "/path"URL includes pathno_console_errors: trueNo console.error callsno_network_errors: trueNo failed network requestsvalue_equals: { ref, value }Input value matchescount_equals: { ref, count }Number of matching elements
Variable Interpolation
Use ${...} for dynamic values: ${auth.accounts.free.email} - From test plan ${env.API_KEY} - From environment ${captured.user_id} - From previous step capture
Confidence Scoring
Calculate confidence based on test coverage and results: base_confidence = 50 per_smoke_pass = +5 (max 20) per_auth_pass = +8 (max 24) per_payment_pass = +10 (max 20) per_data_check_pass = +6 (max 18) static_analysis_clean = +8 no_critical_failures = +10 final_confidence = min(base + bonuses - penalties, 100) Penalties: Critical failure: -20 High severity failure: -10 Medium severity failure: -5 Skipped critical test: -5
References
references/test-patterns.md - Browser automation patterns and examples references/bug-patterns.md - Known bug patterns to detect references/report-format.md - QA report template
Templates
assets/templates/basic.yaml - Zero-config smoke test assets/templates/auth-supabase.yaml - Supabase auth testing assets/templates/payments-stripe.yaml - Stripe payment testing assets/templates/full-saas.yaml - Complete SaaS test plan
Examples
assets/examples/rewardly.yaml - Real-world React Native Web app test plan
Tips
Start with smoke tests - Verify basic functionality before auth/payments Use guest mode first - Test without auth to establish baseline Check console early - Console errors often reveal root causes Screenshot failures - Always capture evidence for debugging Test cache states - Sign out and clear cache to expose hidden issues Verify cross-platform - If React Native Web, test alert/linking patterns
Category context
Code helpers, APIs, CLIs, browser automation, testing, and developer operations.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
5 Config1 Docs
- SKILL.md
- assets/examples/rewardly.yaml
- assets/templates/auth-supabase.yaml
- assets/templates/basic.yaml
- assets/templates/full-saas.yaml
- assets/templates/payments-stripe.yaml