Skip to main content

qa

Automates QA testing for template apps using Playwright, enabling efficient bug detection and reporting.

Install this skill

or
51/100

Security score

The qa skill was audited on Jun 6, 2026 and we found 13 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 84

Curl to non-GitHub URL

SourceSKILL.md
84for i in {1..30}; do curl -s -o /dev/null -w "%{http_code}" http://localhost:9201 && break; sleep 1; done
medium line 96

Webhook reference - potential data exfiltration

SourceSKILL.md
964. `templates/<app>/server/routes/api/` — route-only endpoints such as uploads, streaming, webhooks, and OAuth callbacks
medium line 57

Access to .env file

SourceSKILL.md
57| calendar | `templates/calendar/.env` has `GOOGLE_CLIENT_ID` present | Partially — local events work, Google sync won't |
medium line 58

Access to .env file

SourceSKILL.md
58| mail | `templates/mail/.env` has `GOOGLE_CLIENT_ID` present | Partially — UI renders, Gmail features won't |
medium line 60

Access to .env file

SourceSKILL.md
60Read each app's `.env` file (if it exists) only to check whether required names
medium line 61

Access to .env file

SourceSKILL.md
61are present. Never print, copy, summarize, paste, or pass `.env` values into
medium line 307

Access to .env file

SourceSKILL.md
307- Missing `.env` file — some apps need one even if empty. Check `.env.example`
medium line 323

Access to .env file

SourceSKILL.md
3231. Check the `.env` file exists and has the right variable names
medium line 324

Access to .env file

SourceSKILL.md
3242. Check if the app reads from `.env` or `data/.env`
low line 84

External URL reference

SourceSKILL.md
84for i in {1..30}; do curl -s -o /dev/null -w "%{http_code}" http://localhost:9201 && break; sleep 1; done
low line 176

External URL reference

SourceSKILL.md
176You are a QA tester for the **{{app_name}}** app running at `http://localhost:{{port}}`.
low line 202

External URL reference

SourceSKILL.md
2021. **Navigate**: `browser_navigate` to `http://localhost:{{port}}<path>`
low line 236

External URL reference

SourceSKILL.md
236Always start by navigating to `http://localhost:{{port}}/` and taking a snapshot to verify the app is running.
Scanned on Jun 6, 2026
View Security Dashboard
Installation guide →
GitHub Stars 464
Rate this skill
Categorydevelopment
UpdatedJune 10, 2026
claudeclaude-codefrontendnotionplaywrightdocxapitestingbackendqa-engineerdevops-srebackend-developerplaywrightdevelopment
BuilderIO/agent-native