pr-test

Facilitates end-to-end manual testing of PRs using Docker, ensuring thorough validation with detailed reporting and evidence.

Install this skill

or

0/100

Security score

The pr-test skill was audited on May 29, 2026 and we found 87 security issues across 5 threat categories, including 2 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 122

Template literal with variable interpolation in command context

SourceSKILL.md

122

```bash

medium line 138

Template literal with variable interpolation in command context

SourceSKILL.md

138

```bash

medium line 234

Template literal with variable interpolation in command context

SourceSKILL.md

234

```bash

medium line 281

Template literal with variable interpolation in command context

SourceSKILL.md

281

```bash

medium line 305

Template literal with variable interpolation in command context

SourceSKILL.md

305

```bash

medium line 322

Template literal with variable interpolation in command context

SourceSKILL.md

322

```bash

medium line 477

Template literal with variable interpolation in command context

SourceSKILL.md

477

```bash

medium line 830

Template literal with variable interpolation in command context

SourceSKILL.md

830

```bash

medium line 892

Template literal with variable interpolation in command context

SourceSKILL.md

892

```bash

medium line 933

Template literal with variable interpolation in command context

SourceSKILL.md

933	- \`$(basename "$failed")\` (local path: \`$failed\`)"

medium line 1018

Template literal with variable interpolation in command context

SourceSKILL.md

1018

```bash

medium line 1039

Template literal with variable interpolation in command context

SourceSKILL.md

1039

```bash

medium line 69

Curl to non-GitHub URL

SourceSKILL.md

69	BEFORE=$(curl -s -H "Authorization: Bearer $TOKEN" http://localhost:8006/api/credits \| jq '.credits')

medium line 75

Curl to non-GitHub URL

SourceSKILL.md

75	AFTER=$(curl -s -H "Authorization: Bearer $TOKEN" http://localhost:8006/api/credits \| jq '.credits')

medium line 93

Curl to non-GitHub URL

SourceSKILL.md

93	API_CREDITS=$(curl -s -H "Authorization: Bearer $TOKEN" http://localhost:8006/api/credits \| jq '.credits')

medium line 447

Curl to non-GitHub URL

SourceSKILL.md

447	if [ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:8006/docs 2>/dev/null)" = "200" ]; then

medium line 465

Curl to non-GitHub URL

SourceSKILL.md

465	if [ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:3000 2>/dev/null)" = "200" ]; then

medium line 494

Curl to non-GitHub URL

SourceSKILL.md

494	BACKEND=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:8006/docs 2>/dev/null)

medium line 495

Curl to non-GitHub URL

SourceSKILL.md

495	FRONTEND=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:3000 2>/dev/null)

medium line 512

Curl to non-GitHub URL

SourceSKILL.md

512	RESULT=$(curl -s -X POST 'http://localhost:8000/auth/v1/signup' \

medium line 522

Curl to non-GitHub URL

SourceSKILL.md

522	RESULT=$(curl -s -X POST 'http://localhost:8000/auth/v1/signup' \

medium line 529

Curl to non-GitHub URL

SourceSKILL.md

529	TOKEN=$(curl -s -X POST 'http://localhost:8000/auth/v1/token?grant_type=password' \

medium line 537

Curl to non-GitHub URL

SourceSKILL.md

537	curl -H "Authorization: Bearer $TOKEN" http://localhost:8006/api/...

medium line 584

Curl to non-GitHub URL

SourceSKILL.md

584	curl -s -H "Authorization: Bearer $TOKEN" http://localhost:8006/api/graphs \| jq . \| head -20

medium line 587

Curl to non-GitHub URL

SourceSKILL.md

587	curl -s -X POST http://localhost:8006/api/graphs \

medium line 593

Curl to non-GitHub URL

SourceSKILL.md

593	curl -s -X POST "http://localhost:8006/api/graphs/{graph_id}/execute" \

medium line 606

Curl to non-GitHub URL

SourceSKILL.md

606	BEFORE_STATE=$(curl -s -H "Authorization: Bearer $TOKEN" http://localhost:8006/api/{resource} \| jq '{relevant_fields}')

medium line 614

Curl to non-GitHub URL

SourceSKILL.md

614	AFTER_STATE=$(curl -s -H "Authorization: Bearer $TOKEN" http://localhost:8006/api/{resource} \| jq '{relevant_fields}')

medium line 711

Curl to non-GitHub URL

SourceSKILL.md

711	SESSION_ID=$(curl -s -X POST 'http://localhost:8006/api/chat/sessions' \

medium line 717

Curl to non-GitHub URL

SourceSKILL.md

717	curl -N -X POST "http://localhost:8006/api/chat/sessions/$SESSION_ID/stream" \

medium line 357

Access to hidden dotfiles in home directory

SourceSKILL.md

357	- Linux/WSL: `~/.claude/.credentials.json`

medium line 360

Access to hidden dotfiles in home directory

SourceSKILL.md

360	It sets `CLAUDE_CODE_OAUTH_TOKEN`, `CLAUDE_CODE_REFRESH_TOKEN`, and `CHAT_USE_CLAUDE_CODE_SUBSCRIPTION=true` in the `.env` file. On container startup, the backend auto-provisions `~/.claude/.credentia

medium line 1122

Access to hidden dotfiles in home directory

SourceSKILL.md

1122	Fix: Re-extract the OAuth token from macOS keychain (see step 3b, Option 1) and recreate the container (`docker compose up -d copilot_executor`). The backend auto-provisions `~/.claude/.credential

medium line 329

Access to .env file

SourceSKILL.md

329	### 3a. Copy .env files from the root worktree

medium line 331

Access to .env file

SourceSKILL.md

331	The root worktree (`$REPO_ROOT`) has the canonical `.env` files with all API keys. Copy them to the target worktree:

low line 334

Access to .env file

SourceSKILL.md

334	# CRITICAL: .env files are NOT checked into git. They must be copied manually.

low line 335

Access to .env file

SourceSKILL.md

335	cp $REPO_ROOT/autogpt_platform/.env $PLATFORM_DIR/.env

low line 336

Access to .env file

SourceSKILL.md

336	cp $REPO_ROOT/autogpt_platform/backend/.env $BACKEND_DIR/.env

low line 337

Access to .env file

SourceSKILL.md

337	cp $REPO_ROOT/autogpt_platform/frontend/.env $FRONTEND_DIR/.env

medium line 348

Access to .env file

SourceSKILL.md

348	Run the helper script to extract tokens from your host and auto-update `backend/.env` (works on macOS, Linux, and Windows/WSL):

low line 351

Access to .env file

SourceSKILL.md

351	# Extracts OAuth tokens and writes CLAUDE_CODE_OAUTH_TOKEN + CLAUDE_CODE_REFRESH_TOKEN into .env

low line 352

Access to .env file

SourceSKILL.md

352	bash $BACKEND_DIR/scripts/refresh_claude_token.sh --env-file $BACKEND_DIR/.env

medium line 360

Access to .env file

SourceSKILL.md

360	It sets `CLAUDE_CODE_OAUTH_TOKEN`, `CLAUDE_CODE_REFRESH_TOKEN`, and `CHAT_USE_CLAUDE_CODE_SUBSCRIPTION=true` in the `.env` file. On container startup, the backend auto-provisions `~/.claude/.credentia

medium line 362

Access to .env file

SourceSKILL.md

362	Note: The OAuth token expires (~24h). If copilot returns auth errors, re-run the script and restart: `$BACKEND_DIR/scripts/refresh_claude_token.sh --env-file $BACKEND_DIR/.env && docker compose up

low line 369

Access to .env file

SourceSKILL.md

369	# In $BACKEND_DIR/.env, ensure these are set:

low line 371

Access to .env file

SourceSKILL.md

371	CHAT_API_KEY=<value of OPEN_ROUTER_API_KEY from the same .env>

low line 378

Access to .env file

SourceSKILL.md

378	ORKEY=$(grep "^OPEN_ROUTER_API_KEY=" $BACKEND_DIR/.env \| cut -d= -f2)

low line 379

Access to .env file

SourceSKILL.md

379	[ -n "$ORKEY" ] \|\| { echo "ERROR: OPEN_ROUTER_API_KEY is missing in $BACKEND_DIR/.env"; exit 1; }

low line 380

Access to .env file

SourceSKILL.md

380	perl -i -pe 's/CHAT_USE_CLAUDE_CODE_SUBSCRIPTION=true/CHAT_USE_CLAUDE_CODE_SUBSCRIPTION=false/' $BACKEND_DIR/.env

low line 382

Access to .env file

SourceSKILL.md

382	grep -q "^CHAT_API_KEY=" $BACKEND_DIR/.env && perl -i -pe "s\|^CHAT_API_KEY=.*\|CHAT_API_KEY=$ORKEY\|" $BACKEND_DIR/.env \|\| echo "CHAT_API_KEY=$ORKEY" >> $BACKEND_DIR/.env

low line 383

Access to .env file

SourceSKILL.md

383	grep -q "^CHAT_BASE_URL=" $BACKEND_DIR/.env && perl -i -pe 's\|^CHAT_BASE_URL=.*\|CHAT_BASE_URL=https://openrouter.ai/api/v1\|' $BACKEND_DIR/.env \|\| echo "CHAT_BASE_URL=https://openrouter.ai/api/v1" >> $

low line 508

Access to .env file

SourceSKILL.md

508	ANON_KEY=$(grep "NEXT_PUBLIC_SUPABASE_ANON_KEY=" $FRONTEND_DIR/.env \| sed 's/.*NEXT_PUBLIC_SUPABASE_ANON_KEY=//' \| tr -d '[:space:]')

high line 356

Access to system keychain/keyring

SourceSKILL.md

356	- macOS: system keychain (`"Claude Code-credentials"`)

high line 1122

Access to system keychain/keyring

SourceSKILL.md

1122	Fix: Re-extract the OAuth token from macOS keychain (see step 3b, Option 1) and recreate the container (`docker compose up -d copilot_executor`). The backend auto-provisions `~/.claude/.credential

low line 69

External URL reference

SourceSKILL.md

69	BEFORE=$(curl -s -H "Authorization: Bearer $TOKEN" http://localhost:8006/api/credits \| jq '.credits')

low line 75

External URL reference

SourceSKILL.md

75	AFTER=$(curl -s -H "Authorization: Bearer $TOKEN" http://localhost:8006/api/credits \| jq '.credits')

low line 93

External URL reference

SourceSKILL.md

93	API_CREDITS=$(curl -s -H "Authorization: Bearer $TOKEN" http://localhost:8006/api/credits \| jq '.credits')

low line 372

External URL reference

SourceSKILL.md

372	CHAT_BASE_URL=https://openrouter.ai/api/v1

low line 383

External URL reference

SourceSKILL.md

383	grep -q "^CHAT_BASE_URL=" $BACKEND_DIR/.env && perl -i -pe 's\|^CHAT_BASE_URL=.*\|CHAT_BASE_URL=https://openrouter.ai/api/v1\|' $BACKEND_DIR/.env \|\| echo "CHAT_BASE_URL=https://openrouter.ai/api/v1" >> $

low line 447

External URL reference

SourceSKILL.md

447	if [ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:8006/docs 2>/dev/null)" = "200" ]; then

low line 465

External URL reference

SourceSKILL.md

465	if [ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:3000 2>/dev/null)" = "200" ]; then

low line 494

External URL reference

SourceSKILL.md

494	BACKEND=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:8006/docs 2>/dev/null)

low line 495

External URL reference

SourceSKILL.md

495	FRONTEND=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:3000 2>/dev/null)

low line 512

External URL reference

SourceSKILL.md

512	RESULT=$(curl -s -X POST 'http://localhost:8000/auth/v1/signup' \

low line 522

External URL reference

SourceSKILL.md

522	RESULT=$(curl -s -X POST 'http://localhost:8000/auth/v1/signup' \

low line 529

External URL reference

SourceSKILL.md

529	TOKEN=$(curl -s -X POST 'http://localhost:8000/auth/v1/token?grant_type=password' \

low line 537

External URL reference

SourceSKILL.md

537	curl -H "Authorization: Bearer $TOKEN" http://localhost:8006/api/...

low line 547

External URL reference

SourceSKILL.md

547	"http://localhost:8006/api/onboarding/step?step=VISIT_COPILOT" \

low line 553

External URL reference

SourceSKILL.md

553	"http://localhost:8006/api/onboarding/completed" \

low line 568

External URL reference

SourceSKILL.md

568	\| Frontend \| 3000 \| http://localhost:3000 \|

low line 569

External URL reference

SourceSKILL.md

569	\| Backend REST \| 8006 \| http://localhost:8006 \|

low line 570

External URL reference

SourceSKILL.md

570	\| Supabase Auth (via Kong) \| 8000 \| http://localhost:8000 \|

low line 571

External URL reference

SourceSKILL.md

571	\| Executor \| 8002 \| http://localhost:8002 \|

low line 572

External URL reference

SourceSKILL.md

572	\| Copilot Executor \| 8008 \| http://localhost:8008 \|

low line 573

External URL reference

SourceSKILL.md

573	\| WebSocket \| 8001 \| http://localhost:8001 \|

low line 574

External URL reference

SourceSKILL.md

574	\| Database Manager \| 8005 \| http://localhost:8005 \|

low line 584

External URL reference

SourceSKILL.md

584	curl -s -H "Authorization: Bearer $TOKEN" http://localhost:8006/api/graphs \| jq . \| head -20

low line 587

External URL reference

SourceSKILL.md

587	curl -s -X POST http://localhost:8006/api/graphs \

low line 593

External URL reference

SourceSKILL.md

593	curl -s -X POST "http://localhost:8006/api/graphs/{graph_id}/execute" \

low line 600

External URL reference

SourceSKILL.md

600	"http://localhost:8006/api/graphs/{graph_id}/executions/{exec_id}" \| jq .

low line 606

External URL reference

SourceSKILL.md

606	BEFORE_STATE=$(curl -s -H "Authorization: Bearer $TOKEN" http://localhost:8006/api/{resource} \| jq '{relevant_fields}')

low line 614

External URL reference

SourceSKILL.md

614	AFTER_STATE=$(curl -s -H "Authorization: Bearer $TOKEN" http://localhost:8006/api/{resource} \| jq '{relevant_fields}')

low line 632

External URL reference

SourceSKILL.md

632	agent-browser --session-name pr-test open 'http://localhost:3000/login' --timeout 15000

low line 647

External URL reference

SourceSKILL.md

647	agent-browser --session-name pr-test open 'http://localhost:3000/copilot' --timeout 10000

low line 711

External URL reference

SourceSKILL.md

711	SESSION_ID=$(curl -s -X POST 'http://localhost:8006/api/chat/sessions' \

low line 717

External URL reference

SourceSKILL.md

717	curl -N -X POST "http://localhost:8006/api/chat/sessions/$SESSION_ID/stream" \

low line 726

External URL reference

SourceSKILL.md

726	agent-browser --session-name pr-test open 'http://localhost:3000/copilot' --timeout 10000

Scanned on May 29, 2026

View Security Dashboard

Installation guide →

GitHub Stars 15

Rate this skill

Categorydevelopment

UpdatedJune 15, 2026

claude claude-code copilot frontend playwright supabase react docx git api database testing devops mobile backend qa-engineer devops-sre backend-developer docker github redis development

HIDORAKAI002/ai-workspace-archive