{ "schemaVersion": "1.0", "item": { "slug": "qa-patrol", "name": "Qa Patrol", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/tahseen137/qa-patrol", "canonicalUrl": "https://clawhub.ai/tahseen137/qa-patrol", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/qa-patrol", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=qa-patrol", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "assets/examples/rewardly.yaml", "assets/templates/auth-supabase.yaml", "assets/templates/basic.yaml", "assets/templates/full-saas.yaml", "assets/templates/payments-stripe.yaml" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T17:22:31.273Z", "expiresAt": "2026-05-14T17:22:31.273Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/qa-patrol" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/qa-patrol", "agentPageUrl": "https://openagent3.xyz/skills/qa-patrol/agent", "manifestUrl": "https://openagent3.xyz/skills/qa-patrol/agent.json", "briefUrl": "https://openagent3.xyz/skills/qa-patrol/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "QA Patrol", "body": "Automated QA testing skill for web applications. Catches bugs that unit tests miss: cross-platform issues, auth state problems, data integrity failures, and integration breakages." }, { "title": "Security & Privacy", "body": "All tests run locally on your machine. Nothing is sent to external servers. The browser automation uses OpenClaw's built-in browser control — no cloud services involved." }, { "title": "Permissions by Level", "body": "LevelWhat it doesPermissions neededEnv vars needed1 — SmokeLoads pages, checks for errorsbrowser onlyAPP_URL (or pass --url)2 — Auth/PaymentsTests sign-in, checkout flowsbrowser onlyTest account credentials (see below)3 — Static AnalysisScans local source code for bug patternsbrowser + readNone (uses local repo_path)3 — DB IntegrityCompares DB values to UI displaybrowserDATABASE_URL\n\nThe read permission is ONLY needed for Level 3 static analysis. Level 1 and Level 2 tests use browser automation exclusively. If you only run Level 1/2 tests, the skill never accesses local files." }, { "title": "Environment Variables (all optional)", "body": "VariableRequiredUsed byPurposeAPP_URLNoLevel 1+Target app URL (can also use --url flag)ADMIN_EMAILNoLevel 2Admin test account emailADMIN_PASSWORDNoLevel 2Admin test account passwordFREE_EMAILNoLevel 2Free-tier test account emailFREE_PASSWORDNoLevel 2Free-tier test account passwordPRO_EMAILNoLevel 2Pro test account emailPRO_PASSWORDNoLevel 2Pro test account passwordDATABASE_URLNoLevel 3DB connection for data integrity checks\n\n⚠️ Use test credentials only — never supply production passwords or production DATABASE_URL." }, { "title": "Secrets Handling", "body": "NEVER hardcode secrets in test plans — always use environment variable interpolation: ${env.ADMIN_PASSWORD}\nCredentials are read from your local environment at runtime\nTest plans in this skill's examples use only ${env.VAR} placeholders\nThe skill does not persist, log, or transmit credentials" }, { "title": "Security Pattern Detection (Not Exploitation)", "body": "The references/bug-patterns.md file contains regex patterns for detecting exposed secrets in codebases (e.g., sk_live_, api_key=). These are detection patterns used to help developers find and fix security issues — they are NOT exploitation tools. This is standard practice in security linters like ESLint, Semgrep, and GitHub's secret scanning." }, { "title": "No Install Scripts, No Code Files", "body": "This is an instruction-only skill — it contains no executable code, no install scripts, and no third-party dependencies. The entire security surface is the SKILL.md instructions and OpenClaw's built-in browser/read capabilities." }, { "title": "Level 1: Zero-Config Smoke Test", "body": "# Just provide a URL\nqa-patrol https://example.com" }, { "title": "Level 2: With Auth/Payments", "body": "# Use a test plan template\nqa-patrol --plan auth-supabase.yaml --url https://example.com" }, { "title": "Level 3: Full Config", "body": "# Custom test plan with data integrity checks\nqa-patrol --plan my-app.yaml" }, { "title": "1. Load or Generate Test Plan", "body": "If a YAML test plan is provided, load it. Otherwise, generate a basic plan:\n\napp:\n url: \n name: \n\ntests:\n smoke:\n - name: Homepage loads\n navigate: /\n assert:\n - element_exists: main\n - no_console_errors: true\n\nSee assets/templates/ for test plan templates:\n\nbasic.yaml - Zero-config smoke test\nauth-supabase.yaml - Supabase auth flows\npayments-stripe.yaml - Stripe checkout testing\nfull-saas.yaml - Complete SaaS test plan" }, { "title": "2. Execute Tests", "body": "Run tests in order: smoke → auth → payments → data_integrity → static_analysis.\n\nFor each test:\n\nNavigate to the target URL\nExecute steps (click, type, wait)\nCapture snapshot and console logs\nEvaluate assertions\nRecord PASS/FAIL/SKIP with evidence\n\nBrowser Automation Patterns\n\n# Navigate and snapshot\nbrowser(action=\"navigate\", targetUrl=\"https://example.com/page\")\nbrowser(action=\"snapshot\")\n\n# Form interaction\nbrowser(action=\"act\", request={\"kind\": \"click\", \"ref\": \"email_input\"})\nbrowser(action=\"act\", request={\"kind\": \"type\", \"ref\": \"email_input\", \"text\": \"user@test.com\"})\nbrowser(action=\"act\", request={\"kind\": \"click\", \"ref\": \"submit_button\"})\n\n# Check console for errors\nbrowser(action=\"console\", level=\"error\")\n\nSee references/test-patterns.md for complete automation patterns." }, { "title": "3. Check for Known Bug Patterns", "body": "Scan codebase (if accessible) for anti-patterns:\n\nPatternWhat to grepSeverityAlert.alert on webAlert.alert without Platform.OS guardHighLinking in ModalLinking.openURL inside Modal componentHighMissing RLSSupabase queries without proper auth contextHighHardcoded secretsAPI keys in client codeCritical\n\nSee references/bug-patterns.md for the full catalog." }, { "title": "4. Data Integrity Checks (Level 3)", "body": "When data_integrity tests are defined:\n\nExecute the DB query (requires DB access)\nNavigate to the UI path\nExtract the displayed value\nCompare against query result\nFlag mismatches with severity based on % difference" }, { "title": "5. Generate Report", "body": "Output a structured report:\n\n# QA Report: [App Name]\n**Date**: YYYY-MM-DD HH:MM\n**URL**: https://example.com\n**Confidence**: 87%\n\n## Summary\n| Category | Pass | Fail | Skip |\n|----------|------|------|------|\n| Smoke | 5 | 0 | 0 |\n| Auth | 3 | 1 | 0 |\n| Payments | 0 | 0 | 2 |\n\n## Failures\n\n### [FAIL] Auth: Session persistence after refresh\n**Steps**: Sign in → Refresh page → Check auth state\n**Expected**: User remains signed in\n**Actual**: Redirected to login page\n**Evidence**: [screenshot]\n**Severity**: High\n\n## Recommendations\n1. Fix session persistence (likely cookie/localStorage issue)\n2. Add Platform.OS guards to Alert.alert calls\n\nSee references/report-format.md for the complete template." }, { "title": "App Configuration", "body": "app:\n url: https://example.com # Required: base URL\n name: My App # Optional: display name\n stack: expo-web # expo-web | nextjs | spa | static" }, { "title": "Auth Configuration", "body": "auth:\n provider: supabase # supabase | firebase | auth0 | custom\n login_path: /auth # Path to login page\n accounts:\n admin:\n email: admin@test.com\n password: ${ADMIN_PASSWORD} # Use env vars for secrets\n free:\n email: free@test.com\n password: ${FREE_PASSWORD}\n guest: true # Test anonymous/guest mode" }, { "title": "Test Types", "body": "Smoke Tests\n\ntests:\n smoke:\n - name: Homepage loads\n navigate: /\n assert:\n - element_exists: main\n - no_console_errors: true\n - no_network_errors: true\n \n - name: Navigation works\n navigate: /\n steps:\n - click: { ref: nav_link }\n - assert: { url_contains: \"/target\" }\n\nAuth Tests\n\ntests:\n auth:\n - name: Sign in flow\n steps:\n - navigate: /auth\n - type: { ref: email_input, text: \"${auth.accounts.free.email}\" }\n - type: { ref: password_input, text: \"${auth.accounts.free.password}\" }\n - click: { ref: sign_in_button }\n - wait: { url_contains: \"/home\", timeout: 5000 }\n - assert: { element_exists: \"user_avatar\" }\n \n - name: Sign out flow\n requires: signed_in\n steps:\n - click: { ref: user_menu }\n - click: { ref: sign_out_button }\n - assert: { url_contains: \"/auth\" }\n \n - name: Session persistence\n requires: signed_in\n steps:\n - navigate: /home\n - refresh: true\n - assert: { element_exists: \"user_avatar\" }\n\nPayment Tests\n\ntests:\n payments:\n provider: stripe\n tests:\n - name: Checkout creation\n steps:\n - navigate: /pricing\n - click: { ref: pro_plan_button }\n - wait: { url_contains: \"checkout.stripe.com\", timeout: 10000 }\n - assert: { element_exists: \"cardNumber\" }\n\nData Integrity Tests\n\ntests:\n data_integrity:\n - name: Card count matches\n query: \"SELECT count(*) FROM cards WHERE country='CA'\"\n ui_path: /settings\n ui_selector: \"[data-testid='card-count']\"\n tolerance: 0 # Exact match required\n \n - name: Points calculation\n query: \"SELECT points_rate FROM tiers WHERE name='Gold'\"\n ui_path: /calculator\n ui_selector: \".points-display\"\n tolerance: 0.01 # 1% tolerance\n\nStatic Analysis\n\ntests:\n static_analysis:\n scan_path: ./src\n patterns:\n - name: Alert.alert without Platform guard\n grep: \"Alert\\\\.alert\"\n exclude_grep: \"Platform\\\\.OS\"\n severity: high\n fix_hint: \"Wrap in Platform.OS check or use cross-platform alert\"\n \n - name: Hardcoded API keys\n grep: \"(sk_live_|pk_live_|api_key.*=.*['\\\"][a-zA-Z0-9]{20,})\"\n severity: critical" }, { "title": "Assertions Reference", "body": "AssertionDescriptionelement_exists: \"ref\"Element with ref is in DOMelement_visible: \"ref\"Element is visibletext_contains: \"string\"Page contains texturl_contains: \"/path\"URL includes pathno_console_errors: trueNo console.error callsno_network_errors: trueNo failed network requestsvalue_equals: { ref, value }Input value matchescount_equals: { ref, count }Number of matching elements" }, { "title": "Variable Interpolation", "body": "Use ${...} for dynamic values:\n\n${auth.accounts.free.email} - From test plan\n${env.API_KEY} - From environment\n${captured.user_id} - From previous step capture" }, { "title": "Confidence Scoring", "body": "Calculate confidence based on test coverage and results:\n\nbase_confidence = 50\nper_smoke_pass = +5 (max 20)\nper_auth_pass = +8 (max 24)\nper_payment_pass = +10 (max 20)\nper_data_check_pass = +6 (max 18)\nstatic_analysis_clean = +8\nno_critical_failures = +10\n\nfinal_confidence = min(base + bonuses - penalties, 100)\n\nPenalties:\n\nCritical failure: -20\nHigh severity failure: -10\nMedium severity failure: -5\nSkipped critical test: -5" }, { "title": "References", "body": "references/test-patterns.md - Browser automation patterns and examples\nreferences/bug-patterns.md - Known bug patterns to detect\nreferences/report-format.md - QA report template" }, { "title": "Templates", "body": "assets/templates/basic.yaml - Zero-config smoke test\nassets/templates/auth-supabase.yaml - Supabase auth testing\nassets/templates/payments-stripe.yaml - Stripe payment testing\nassets/templates/full-saas.yaml - Complete SaaS test plan" }, { "title": "Examples", "body": "assets/examples/rewardly.yaml - Real-world React Native Web app test plan" }, { "title": "Tips", "body": "Start with smoke tests - Verify basic functionality before auth/payments\nUse guest mode first - Test without auth to establish baseline\nCheck console early - Console errors often reveal root causes\nScreenshot failures - Always capture evidence for debugging\nTest cache states - Sign out and clear cache to expose hidden issues\nVerify cross-platform - If React Native Web, test alert/linking patterns" } ], "body": "QA Patrol\n\nAutomated QA testing skill for web applications. Catches bugs that unit tests miss: cross-platform issues, auth state problems, data integrity failures, and integration breakages.\n\nSecurity & Privacy\n\nAll tests run locally on your machine. Nothing is sent to external servers. The browser automation uses OpenClaw's built-in browser control — no cloud services involved.\n\nPermissions by Level\nLevel\tWhat it does\tPermissions needed\tEnv vars needed\n1 — Smoke\tLoads pages, checks for errors\tbrowser only\tAPP_URL (or pass --url)\n2 — Auth/Payments\tTests sign-in, checkout flows\tbrowser only\tTest account credentials (see below)\n3 — Static Analysis\tScans local source code for bug patterns\tbrowser + read\tNone (uses local repo_path)\n3 — DB Integrity\tCompares DB values to UI display\tbrowser\tDATABASE_URL\n\nThe read permission is ONLY needed for Level 3 static analysis. Level 1 and Level 2 tests use browser automation exclusively. If you only run Level 1/2 tests, the skill never accesses local files.\n\nEnvironment Variables (all optional)\nVariable\tRequired\tUsed by\tPurpose\nAPP_URL\tNo\tLevel 1+\tTarget app URL (can also use --url flag)\nADMIN_EMAIL\tNo\tLevel 2\tAdmin test account email\nADMIN_PASSWORD\tNo\tLevel 2\tAdmin test account password\nFREE_EMAIL\tNo\tLevel 2\tFree-tier test account email\nFREE_PASSWORD\tNo\tLevel 2\tFree-tier test account password\nPRO_EMAIL\tNo\tLevel 2\tPro test account email\nPRO_PASSWORD\tNo\tLevel 2\tPro test account password\nDATABASE_URL\tNo\tLevel 3\tDB connection for data integrity checks\n\n⚠️ Use test credentials only — never supply production passwords or production DATABASE_URL.\n\nSecrets Handling\nNEVER hardcode secrets in test plans — always use environment variable interpolation: ${env.ADMIN_PASSWORD}\nCredentials are read from your local environment at runtime\nTest plans in this skill's examples use only ${env.VAR} placeholders\nThe skill does not persist, log, or transmit credentials\nSecurity Pattern Detection (Not Exploitation)\n\nThe references/bug-patterns.md file contains regex patterns for detecting exposed secrets in codebases (e.g., sk_live_, api_key=). These are detection patterns used to help developers find and fix security issues — they are NOT exploitation tools. This is standard practice in security linters like ESLint, Semgrep, and GitHub's secret scanning.\n\nNo Install Scripts, No Code Files\n\nThis is an instruction-only skill — it contains no executable code, no install scripts, and no third-party dependencies. The entire security surface is the SKILL.md instructions and OpenClaw's built-in browser/read capabilities.\n\nQuick Start\nLevel 1: Zero-Config Smoke Test\n# Just provide a URL\nqa-patrol https://example.com\n\nLevel 2: With Auth/Payments\n# Use a test plan template\nqa-patrol --plan auth-supabase.yaml --url https://example.com\n\nLevel 3: Full Config\n# Custom test plan with data integrity checks\nqa-patrol --plan my-app.yaml\n\nWorkflow\n1. Load or Generate Test Plan\n\nIf a YAML test plan is provided, load it. Otherwise, generate a basic plan:\n\napp:\n url: \n name: \n\ntests:\n smoke:\n - name: Homepage loads\n navigate: /\n assert:\n - element_exists: main\n - no_console_errors: true\n\n\nSee assets/templates/ for test plan templates:\n\nbasic.yaml - Zero-config smoke test\nauth-supabase.yaml - Supabase auth flows\npayments-stripe.yaml - Stripe checkout testing\nfull-saas.yaml - Complete SaaS test plan\n2. Execute Tests\n\nRun tests in order: smoke → auth → payments → data_integrity → static_analysis.\n\nFor each test:\n\nNavigate to the target URL\nExecute steps (click, type, wait)\nCapture snapshot and console logs\nEvaluate assertions\nRecord PASS/FAIL/SKIP with evidence\nBrowser Automation Patterns\n# Navigate and snapshot\nbrowser(action=\"navigate\", targetUrl=\"https://example.com/page\")\nbrowser(action=\"snapshot\")\n\n# Form interaction\nbrowser(action=\"act\", request={\"kind\": \"click\", \"ref\": \"email_input\"})\nbrowser(action=\"act\", request={\"kind\": \"type\", \"ref\": \"email_input\", \"text\": \"user@test.com\"})\nbrowser(action=\"act\", request={\"kind\": \"click\", \"ref\": \"submit_button\"})\n\n# Check console for errors\nbrowser(action=\"console\", level=\"error\")\n\n\nSee references/test-patterns.md for complete automation patterns.\n\n3. Check for Known Bug Patterns\n\nScan codebase (if accessible) for anti-patterns:\n\nPattern\tWhat to grep\tSeverity\nAlert.alert on web\tAlert.alert without Platform.OS guard\tHigh\nLinking in Modal\tLinking.openURL inside Modal component\tHigh\nMissing RLS\tSupabase queries without proper auth context\tHigh\nHardcoded secrets\tAPI keys in client code\tCritical\n\nSee references/bug-patterns.md for the full catalog.\n\n4. Data Integrity Checks (Level 3)\n\nWhen data_integrity tests are defined:\n\nExecute the DB query (requires DB access)\nNavigate to the UI path\nExtract the displayed value\nCompare against query result\nFlag mismatches with severity based on % difference\n5. Generate Report\n\nOutput a structured report:\n\n# QA Report: [App Name]\n**Date**: YYYY-MM-DD HH:MM\n**URL**: https://example.com\n**Confidence**: 87%\n\n## Summary\n| Category | Pass | Fail | Skip |\n|----------|------|------|------|\n| Smoke | 5 | 0 | 0 |\n| Auth | 3 | 1 | 0 |\n| Payments | 0 | 0 | 2 |\n\n## Failures\n\n### [FAIL] Auth: Session persistence after refresh\n**Steps**: Sign in → Refresh page → Check auth state\n**Expected**: User remains signed in\n**Actual**: Redirected to login page\n**Evidence**: [screenshot]\n**Severity**: High\n\n## Recommendations\n1. Fix session persistence (likely cookie/localStorage issue)\n2. Add Platform.OS guards to Alert.alert calls\n\n\nSee references/report-format.md for the complete template.\n\nTest Plan Reference\nApp Configuration\napp:\n url: https://example.com # Required: base URL\n name: My App # Optional: display name\n stack: expo-web # expo-web | nextjs | spa | static\n\nAuth Configuration\nauth:\n provider: supabase # supabase | firebase | auth0 | custom\n login_path: /auth # Path to login page\n accounts:\n admin:\n email: admin@test.com\n password: ${ADMIN_PASSWORD} # Use env vars for secrets\n free:\n email: free@test.com\n password: ${FREE_PASSWORD}\n guest: true # Test anonymous/guest mode\n\nTest Types\nSmoke Tests\ntests:\n smoke:\n - name: Homepage loads\n navigate: /\n assert:\n - element_exists: main\n - no_console_errors: true\n - no_network_errors: true\n \n - name: Navigation works\n navigate: /\n steps:\n - click: { ref: nav_link }\n - assert: { url_contains: \"/target\" }\n\nAuth Tests\ntests:\n auth:\n - name: Sign in flow\n steps:\n - navigate: /auth\n - type: { ref: email_input, text: \"${auth.accounts.free.email}\" }\n - type: { ref: password_input, text: \"${auth.accounts.free.password}\" }\n - click: { ref: sign_in_button }\n - wait: { url_contains: \"/home\", timeout: 5000 }\n - assert: { element_exists: \"user_avatar\" }\n \n - name: Sign out flow\n requires: signed_in\n steps:\n - click: { ref: user_menu }\n - click: { ref: sign_out_button }\n - assert: { url_contains: \"/auth\" }\n \n - name: Session persistence\n requires: signed_in\n steps:\n - navigate: /home\n - refresh: true\n - assert: { element_exists: \"user_avatar\" }\n\nPayment Tests\ntests:\n payments:\n provider: stripe\n tests:\n - name: Checkout creation\n steps:\n - navigate: /pricing\n - click: { ref: pro_plan_button }\n - wait: { url_contains: \"checkout.stripe.com\", timeout: 10000 }\n - assert: { element_exists: \"cardNumber\" }\n\nData Integrity Tests\ntests:\n data_integrity:\n - name: Card count matches\n query: \"SELECT count(*) FROM cards WHERE country='CA'\"\n ui_path: /settings\n ui_selector: \"[data-testid='card-count']\"\n tolerance: 0 # Exact match required\n \n - name: Points calculation\n query: \"SELECT points_rate FROM tiers WHERE name='Gold'\"\n ui_path: /calculator\n ui_selector: \".points-display\"\n tolerance: 0.01 # 1% tolerance\n\nStatic Analysis\ntests:\n static_analysis:\n scan_path: ./src\n patterns:\n - name: Alert.alert without Platform guard\n grep: \"Alert\\\\.alert\"\n exclude_grep: \"Platform\\\\.OS\"\n severity: high\n fix_hint: \"Wrap in Platform.OS check or use cross-platform alert\"\n \n - name: Hardcoded API keys\n grep: \"(sk_live_|pk_live_|api_key.*=.*['\\\"][a-zA-Z0-9]{20,})\"\n severity: critical\n\nAssertions Reference\nAssertion\tDescription\nelement_exists: \"ref\"\tElement with ref is in DOM\nelement_visible: \"ref\"\tElement is visible\ntext_contains: \"string\"\tPage contains text\nurl_contains: \"/path\"\tURL includes path\nno_console_errors: true\tNo console.error calls\nno_network_errors: true\tNo failed network requests\nvalue_equals: { ref, value }\tInput value matches\ncount_equals: { ref, count }\tNumber of matching elements\nVariable Interpolation\n\nUse ${...} for dynamic values:\n\n${auth.accounts.free.email} - From test plan\n${env.API_KEY} - From environment\n${captured.user_id} - From previous step capture\nConfidence Scoring\n\nCalculate confidence based on test coverage and results:\n\nbase_confidence = 50\nper_smoke_pass = +5 (max 20)\nper_auth_pass = +8 (max 24)\nper_payment_pass = +10 (max 20)\nper_data_check_pass = +6 (max 18)\nstatic_analysis_clean = +8\nno_critical_failures = +10\n\nfinal_confidence = min(base + bonuses - penalties, 100)\n\n\nPenalties:\n\nCritical failure: -20\nHigh severity failure: -10\nMedium severity failure: -5\nSkipped critical test: -5\nFiles\nReferences\nreferences/test-patterns.md - Browser automation patterns and examples\nreferences/bug-patterns.md - Known bug patterns to detect\nreferences/report-format.md - QA report template\nTemplates\nassets/templates/basic.yaml - Zero-config smoke test\nassets/templates/auth-supabase.yaml - Supabase auth testing\nassets/templates/payments-stripe.yaml - Stripe payment testing\nassets/templates/full-saas.yaml - Complete SaaS test plan\nExamples\nassets/examples/rewardly.yaml - Real-world React Native Web app test plan\nTips\nStart with smoke tests - Verify basic functionality before auth/payments\nUse guest mode first - Test without auth to establish baseline\nCheck console early - Console errors often reveal root causes\nScreenshot failures - Always capture evidence for debugging\nTest cache states - Sign out and clear cache to expose hidden issues\nVerify cross-platform - If React Native Web, test alert/linking patterns" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/tahseen137/qa-patrol", "publisherUrl": "https://clawhub.ai/tahseen137/qa-patrol", "owner": "tahseen137", "version": "1.0.3", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/qa-patrol", "downloadUrl": "https://openagent3.xyz/downloads/qa-patrol", "agentUrl": "https://openagent3.xyz/skills/qa-patrol/agent", "manifestUrl": "https://openagent3.xyz/skills/qa-patrol/agent.json", "briefUrl": "https://openagent3.xyz/skills/qa-patrol/agent.md" } }