# Send Qa Patrol to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "qa-patrol", "name": "Qa Patrol", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/tahseen137/qa-patrol", "canonicalUrl": "https://clawhub.ai/tahseen137/qa-patrol", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/qa-patrol", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=qa-patrol", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "SKILL.md", "assets/examples/rewardly.yaml", "assets/templates/auth-supabase.yaml", "assets/templates/basic.yaml", "assets/templates/full-saas.yaml", "assets/templates/payments-stripe.yaml" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "slug": "qa-patrol", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T17:41:12.348Z", "expiresAt": "2026-05-14T17:41:12.348Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=qa-patrol", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=qa-patrol", "contentDisposition": "attachment; filename=\"qa-patrol-1.0.3.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "qa-patrol" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/qa-patrol" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/qa-patrol", "downloadUrl": "https://openagent3.xyz/downloads/qa-patrol", "agentUrl": "https://openagent3.xyz/skills/qa-patrol/agent", "manifestUrl": "https://openagent3.xyz/skills/qa-patrol/agent.json", "briefUrl": "https://openagent3.xyz/skills/qa-patrol/agent.md" } } ``` ## Documentation ### QA Patrol Automated QA testing skill for web applications. Catches bugs that unit tests miss: cross-platform issues, auth state problems, data integrity failures, and integration breakages. ### Security & Privacy All tests run locally on your machine. Nothing is sent to external servers. The browser automation uses OpenClaw's built-in browser control — no cloud services involved. ### Permissions by Level LevelWhat it doesPermissions neededEnv vars needed1 — SmokeLoads pages, checks for errorsbrowser onlyAPP_URL (or pass --url)2 — Auth/PaymentsTests sign-in, checkout flowsbrowser onlyTest account credentials (see below)3 — Static AnalysisScans local source code for bug patternsbrowser + readNone (uses local repo_path)3 — DB IntegrityCompares DB values to UI displaybrowserDATABASE_URL The read permission is ONLY needed for Level 3 static analysis. Level 1 and Level 2 tests use browser automation exclusively. If you only run Level 1/2 tests, the skill never accesses local files. ### Environment Variables (all optional) VariableRequiredUsed byPurposeAPP_URLNoLevel 1+Target app URL (can also use --url flag)ADMIN_EMAILNoLevel 2Admin test account emailADMIN_PASSWORDNoLevel 2Admin test account passwordFREE_EMAILNoLevel 2Free-tier test account emailFREE_PASSWORDNoLevel 2Free-tier test account passwordPRO_EMAILNoLevel 2Pro test account emailPRO_PASSWORDNoLevel 2Pro test account passwordDATABASE_URLNoLevel 3DB connection for data integrity checks ⚠️ Use test credentials only — never supply production passwords or production DATABASE_URL. ### Secrets Handling NEVER hardcode secrets in test plans — always use environment variable interpolation: ${env.ADMIN_PASSWORD} Credentials are read from your local environment at runtime Test plans in this skill's examples use only ${env.VAR} placeholders The skill does not persist, log, or transmit credentials ### Security Pattern Detection (Not Exploitation) The references/bug-patterns.md file contains regex patterns for detecting exposed secrets in codebases (e.g., sk_live_, api_key=). These are detection patterns used to help developers find and fix security issues — they are NOT exploitation tools. This is standard practice in security linters like ESLint, Semgrep, and GitHub's secret scanning. ### No Install Scripts, No Code Files This is an instruction-only skill — it contains no executable code, no install scripts, and no third-party dependencies. The entire security surface is the SKILL.md instructions and OpenClaw's built-in browser/read capabilities. ### Level 1: Zero-Config Smoke Test # Just provide a URL qa-patrol https://example.com ### Level 2: With Auth/Payments # Use a test plan template qa-patrol --plan auth-supabase.yaml --url https://example.com ### Level 3: Full Config # Custom test plan with data integrity checks qa-patrol --plan my-app.yaml ### 1. Load or Generate Test Plan If a YAML test plan is provided, load it. Otherwise, generate a basic plan: app: url: name: tests: smoke: - name: Homepage loads navigate: / assert: - element_exists: main - no_console_errors: true See assets/templates/ for test plan templates: basic.yaml - Zero-config smoke test auth-supabase.yaml - Supabase auth flows payments-stripe.yaml - Stripe checkout testing full-saas.yaml - Complete SaaS test plan ### 2. Execute Tests Run tests in order: smoke → auth → payments → data_integrity → static_analysis. For each test: Navigate to the target URL Execute steps (click, type, wait) Capture snapshot and console logs Evaluate assertions Record PASS/FAIL/SKIP with evidence Browser Automation Patterns # Navigate and snapshot browser(action="navigate", targetUrl="https://example.com/page") browser(action="snapshot") # Form interaction browser(action="act", request={"kind": "click", "ref": "email_input"}) browser(action="act", request={"kind": "type", "ref": "email_input", "text": "user@test.com"}) browser(action="act", request={"kind": "click", "ref": "submit_button"}) # Check console for errors browser(action="console", level="error") See references/test-patterns.md for complete automation patterns. ### 3. Check for Known Bug Patterns Scan codebase (if accessible) for anti-patterns: PatternWhat to grepSeverityAlert.alert on webAlert.alert without Platform.OS guardHighLinking in ModalLinking.openURL inside Modal componentHighMissing RLSSupabase queries without proper auth contextHighHardcoded secretsAPI keys in client codeCritical See references/bug-patterns.md for the full catalog. ### 4. Data Integrity Checks (Level 3) When data_integrity tests are defined: Execute the DB query (requires DB access) Navigate to the UI path Extract the displayed value Compare against query result Flag mismatches with severity based on % difference ### 5. Generate Report Output a structured report: # QA Report: [App Name] **Date**: YYYY-MM-DD HH:MM **URL**: https://example.com **Confidence**: 87% ## Summary | Category | Pass | Fail | Skip | |----------|------|------|------| | Smoke | 5 | 0 | 0 | | Auth | 3 | 1 | 0 | | Payments | 0 | 0 | 2 | ## Failures ### [FAIL] Auth: Session persistence after refresh **Steps**: Sign in → Refresh page → Check auth state **Expected**: User remains signed in **Actual**: Redirected to login page **Evidence**: [screenshot] **Severity**: High ## Recommendations 1. Fix session persistence (likely cookie/localStorage issue) 2. Add Platform.OS guards to Alert.alert calls See references/report-format.md for the complete template. ### App Configuration app: url: https://example.com # Required: base URL name: My App # Optional: display name stack: expo-web # expo-web | nextjs | spa | static ### Auth Configuration auth: provider: supabase # supabase | firebase | auth0 | custom login_path: /auth # Path to login page accounts: admin: email: admin@test.com password: ${ADMIN_PASSWORD} # Use env vars for secrets free: email: free@test.com password: ${FREE_PASSWORD} guest: true # Test anonymous/guest mode ### Test Types Smoke Tests tests: smoke: - name: Homepage loads navigate: / assert: - element_exists: main - no_console_errors: true - no_network_errors: true - name: Navigation works navigate: / steps: - click: { ref: nav_link } - assert: { url_contains: "/target" } Auth Tests tests: auth: - name: Sign in flow steps: - navigate: /auth - type: { ref: email_input, text: "${auth.accounts.free.email}" } - type: { ref: password_input, text: "${auth.accounts.free.password}" } - click: { ref: sign_in_button } - wait: { url_contains: "/home", timeout: 5000 } - assert: { element_exists: "user_avatar" } - name: Sign out flow requires: signed_in steps: - click: { ref: user_menu } - click: { ref: sign_out_button } - assert: { url_contains: "/auth" } - name: Session persistence requires: signed_in steps: - navigate: /home - refresh: true - assert: { element_exists: "user_avatar" } Payment Tests tests: payments: provider: stripe tests: - name: Checkout creation steps: - navigate: /pricing - click: { ref: pro_plan_button } - wait: { url_contains: "checkout.stripe.com", timeout: 10000 } - assert: { element_exists: "cardNumber" } Data Integrity Tests tests: data_integrity: - name: Card count matches query: "SELECT count(*) FROM cards WHERE country='CA'" ui_path: /settings ui_selector: "[data-testid='card-count']" tolerance: 0 # Exact match required - name: Points calculation query: "SELECT points_rate FROM tiers WHERE name='Gold'" ui_path: /calculator ui_selector: ".points-display" tolerance: 0.01 # 1% tolerance Static Analysis tests: static_analysis: scan_path: ./src patterns: - name: Alert.alert without Platform guard grep: "Alert\\\\.alert" exclude_grep: "Platform\\\\.OS" severity: high fix_hint: "Wrap in Platform.OS check or use cross-platform alert" - name: Hardcoded API keys grep: "(sk_live_|pk_live_|api_key.*=.*['\\"][a-zA-Z0-9]{20,})" severity: critical ### Assertions Reference AssertionDescriptionelement_exists: "ref"Element with ref is in DOMelement_visible: "ref"Element is visibletext_contains: "string"Page contains texturl_contains: "/path"URL includes pathno_console_errors: trueNo console.error callsno_network_errors: trueNo failed network requestsvalue_equals: { ref, value }Input value matchescount_equals: { ref, count }Number of matching elements ### Variable Interpolation Use ${...} for dynamic values: ${auth.accounts.free.email} - From test plan ${env.API_KEY} - From environment ${captured.user_id} - From previous step capture ### Confidence Scoring Calculate confidence based on test coverage and results: base_confidence = 50 per_smoke_pass = +5 (max 20) per_auth_pass = +8 (max 24) per_payment_pass = +10 (max 20) per_data_check_pass = +6 (max 18) static_analysis_clean = +8 no_critical_failures = +10 final_confidence = min(base + bonuses - penalties, 100) Penalties: Critical failure: -20 High severity failure: -10 Medium severity failure: -5 Skipped critical test: -5 ### References references/test-patterns.md - Browser automation patterns and examples references/bug-patterns.md - Known bug patterns to detect references/report-format.md - QA report template ### Templates assets/templates/basic.yaml - Zero-config smoke test assets/templates/auth-supabase.yaml - Supabase auth testing assets/templates/payments-stripe.yaml - Stripe payment testing assets/templates/full-saas.yaml - Complete SaaS test plan ### Examples assets/examples/rewardly.yaml - Real-world React Native Web app test plan ### Tips Start with smoke tests - Verify basic functionality before auth/payments Use guest mode first - Test without auth to establish baseline Check console early - Console errors often reveal root causes Screenshot failures - Always capture evidence for debugging Test cache states - Sign out and clear cache to expose hidden issues Verify cross-platform - If React Native Web, test alert/linking patterns ## Trust - Source: tencent - Verification: Indexed source record - Publisher: tahseen137 - Version: 1.0.3 ## Source health - Status: healthy - Item download looks usable. - Yavira can redirect you to the upstream package for this item. - Health scope: item - Reason: direct_download_ok - Checked at: 2026-05-07T17:41:12.348Z - Expires at: 2026-05-14T17:41:12.348Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/qa-patrol) - [Send to Agent page](https://openagent3.xyz/skills/qa-patrol/agent) - [JSON manifest](https://openagent3.xyz/skills/qa-patrol/agent.json) - [Markdown brief](https://openagent3.xyz/skills/qa-patrol/agent.md) - [Download page](https://openagent3.xyz/downloads/qa-patrol)