Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

astro44/qa-backend

Name: qa-backend
Author: astro44

.cursor/skills/qa-backend/SKILL.md

npx skillsauth add astro44/Autonom8-Agents qa-backend

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

qa-backend - Backend API Testing

Validates backend services: REST APIs, Lambda functions, gRPC endpoints, and database operations.

Input Schema

{
  "project_dir": "/path/to/backend",
  "ticket_id": "TICKET-XXX",
  "service_type": "rest|lambda|grpc|graphql",
  "base_url": "http://localhost:3000",
  "test_path": "tests/",
  "checks": ["endpoints", "schemas", "errors", "auth"]
}

Service Types

REST API Testing

# Run API tests
cd $project_dir
npm test -- --grep "api"
# or
pytest tests/api/ -v

Lambda Testing

# Local Lambda test
sam local invoke MyFunction -e events/test-event.json

# Run unit tests
npm test -- --grep "lambda"

gRPC Testing

# Use grpcurl for endpoint testing
grpcurl -plaintext localhost:50051 list
grpcurl -plaintext -d '{"id": "123"}' localhost:50051 myservice.MyService/GetItem

Instructions

1. Endpoint Validation

# Check endpoint responds
curl -s -o /dev/null -w "%{http_code}" $base_url/api/health
# Expected: 200

# Check endpoint returns valid JSON
curl -s $base_url/api/users | jq .

2. Schema Validation

// Validate response matches schema
const Ajv = require('ajv');
const ajv = new Ajv();

const schema = require('./schemas/user.json');
const validate = ajv.compile(schema);

const response = await fetch('/api/users/1');
const data = await response.json();
const valid = validate(data);
// valid should be true

3. Error Handling

# Test 404 handling
curl -s -w "\n%{http_code}" $base_url/api/nonexistent
# Expected: 404 with error body

# Test 400 handling (bad input)
curl -s -X POST -H "Content-Type: application/json" \
  -d '{"invalid": true}' \
  $base_url/api/users
# Expected: 400 with validation errors

4. Authentication

# Test unauthorized access
curl -s -w "\n%{http_code}" $base_url/api/protected
# Expected: 401

# Test with valid token
curl -s -H "Authorization: Bearer $TOKEN" $base_url/api/protected
# Expected: 200

Output Format

{
  "skill": "qa-backend",
  "status": "pass|fail",
  "service_type": "rest",
  "tests": {
    "total": 25,
    "passed": 23,
    "failed": 2,
    "skipped": 0
  },
  "checks": {
    "endpoints": {
      "passed": true,
      "tested": 8,
      "all_responding": true
    },
    "schemas": {
      "passed": false,
      "violations": [
        {
          "endpoint": "GET /api/users",
          "field": "createdAt",
          "expected": "string (ISO date)",
          "actual": "number (timestamp)"
        }
      ]
    },
    "errors": {
      "passed": true,
      "404_handled": true,
      "400_handled": true,
      "500_handled": true
    },
    "auth": {
      "passed": true,
      "unauthorized_returns_401": true,
      "valid_token_accepted": true
    }
  },
  "errors": [
    {
      "test": "GET /api/users schema",
      "message": "createdAt should be ISO string, got timestamp",
      "severity": "MEDIUM"
    }
  ],
  "next_action": "proceed|fix"
}

Common Checks

| Check | What it Validates | Severity | |-------|-------------------|----------| | Endpoints respond | All routes return non-500 | HIGH | | Schema validation | Response matches contract | MEDIUM | | Error handling | Proper error responses | MEDIUM | | Auth enforcement | Protected routes require auth | HIGH | | Rate limiting | Rate limits enforced | LOW | | CORS headers | Correct CORS config | MEDIUM |

Decision Logic

Any HIGH severity failure?
    YES → status: "fail", next_action: "fix"

Any MEDIUM severity failure?
    YES → status: "warning", next_action: "fix"

All checks pass?
    YES → status: "pass", next_action: "proceed"

Usage Examples

REST API test:

{
  "project_dir": "/projects/api-service",
  "service_type": "rest",
  "base_url": "http://localhost:3000",
  "checks": ["endpoints", "schemas", "errors", "auth"]
}

Lambda test:

{
  "project_dir": "/projects/lambda-function",
  "service_type": "lambda",
  "checks": ["endpoints", "schemas", "errors"]
}

gRPC test:

{
  "project_dir": "/projects/grpc-service",
  "service_type": "grpc",
  "base_url": "localhost:50051",
  "checks": ["endpoints", "schemas"]
}

Token Efficiency

Uses existing test frameworks (jest, pytest, go test)
Returns structured JSON results
Provides actionable error details
~10-60 second execution depending on test count

astro44/qa-backend

.cursor/skills/qa-backend/SKILL.md

Backend QA for API/Lambda/gRPC testing. Validates endpoints, response schemas, error handling, and integration tests. Returns JSON with test results.

2 stars

development

Updated Apr 16, 2026

$ install --global

skillsauth

npx skillsauth add astro44/Autonom8-Agents qa-backend

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 30, 2026, 1:26 AM3.7s1 file scanned

SKILL.md

name:: qa-backend
description:: Backend QA for API/Lambda/gRPC testing. Validates endpoints, response schemas, error handling, and integration tests. Returns JSON with test results.

qa-backend - Backend API Testing

Validates backend services: REST APIs, Lambda functions, gRPC endpoints, and database operations.

Input Schema

{
  "project_dir": "/path/to/backend",
  "ticket_id": "TICKET-XXX",
  "service_type": "rest|lambda|grpc|graphql",
  "base_url": "http://localhost:3000",
  "test_path": "tests/",
  "checks": ["endpoints", "schemas", "errors", "auth"]
}

Service Types

REST API Testing

# Run API tests
cd $project_dir
npm test -- --grep "api"
# or
pytest tests/api/ -v

Lambda Testing

# Local Lambda test
sam local invoke MyFunction -e events/test-event.json

# Run unit tests
npm test -- --grep "lambda"

gRPC Testing

# Use grpcurl for endpoint testing
grpcurl -plaintext localhost:50051 list
grpcurl -plaintext -d '{"id": "123"}' localhost:50051 myservice.MyService/GetItem

Instructions

1. Endpoint Validation

# Check endpoint responds
curl -s -o /dev/null -w "%{http_code}" $base_url/api/health
# Expected: 200

# Check endpoint returns valid JSON
curl -s $base_url/api/users | jq .

2. Schema Validation

// Validate response matches schema
const Ajv = require('ajv');
const ajv = new Ajv();

const schema = require('./schemas/user.json');
const validate = ajv.compile(schema);

const response = await fetch('/api/users/1');
const data = await response.json();
const valid = validate(data);
// valid should be true

3. Error Handling

# Test 404 handling
curl -s -w "\n%{http_code}" $base_url/api/nonexistent
# Expected: 404 with error body

# Test 400 handling (bad input)
curl -s -X POST -H "Content-Type: application/json" \
  -d '{"invalid": true}' \
  $base_url/api/users
# Expected: 400 with validation errors

4. Authentication

# Test unauthorized access
curl -s -w "\n%{http_code}" $base_url/api/protected
# Expected: 401

# Test with valid token
curl -s -H "Authorization: Bearer $TOKEN" $base_url/api/protected
# Expected: 200

Output Format

{
  "skill": "qa-backend",
  "status": "pass|fail",
  "service_type": "rest",
  "tests": {
    "total": 25,
    "passed": 23,
    "failed": 2,
    "skipped": 0
  },
  "checks": {
    "endpoints": {
      "passed": true,
      "tested": 8,
      "all_responding": true
    },
    "schemas": {
      "passed": false,
      "violations": [
        {
          "endpoint": "GET /api/users",
          "field": "createdAt",
          "expected": "string (ISO date)",
          "actual": "number (timestamp)"
        }
      ]
    },
    "errors": {
      "passed": true,
      "404_handled": true,
      "400_handled": true,
      "500_handled": true
    },
    "auth": {
      "passed": true,
      "unauthorized_returns_401": true,
      "valid_token_accepted": true
    }
  },
  "errors": [
    {
      "test": "GET /api/users schema",
      "message": "createdAt should be ISO string, got timestamp",
      "severity": "MEDIUM"
    }
  ],
  "next_action": "proceed|fix"
}

Common Checks

Decision Logic

Any HIGH severity failure?
    YES → status: "fail", next_action: "fix"

Any MEDIUM severity failure?
    YES → status: "warning", next_action: "fix"

All checks pass?
    YES → status: "pass", next_action: "proceed"

Usage Examples

REST API test:

{
  "project_dir": "/projects/api-service",
  "service_type": "rest",
  "base_url": "http://localhost:3000",
  "checks": ["endpoints", "schemas", "errors", "auth"]
}

Lambda test:

{
  "project_dir": "/projects/lambda-function",
  "service_type": "lambda",
  "checks": ["endpoints", "schemas", "errors"]
}

gRPC test:

{
  "project_dir": "/projects/grpc-service",
  "service_type": "grpc",
  "base_url": "localhost:50051",
  "checks": ["endpoints", "schemas"]
}

Token Efficiency

Uses existing test frameworks (jest, pytest, go test)
Returns structured JSON results
Provides actionable error details
~10-60 second execution depending on test count

Related Skills

astro44/bookend-score-complexity

development

VerifiedTrustedCommunity

Scores proposal complexity against codebase surface. Uses proposal text analysis and readiness stats to determine decomposition tier and agent count.

2SKILL.mdUpdated May 13, 2026

astro44/bookend-score-complexity

astro44/bookend-scan-readiness

testing

VerifiedTrustedCommunity

Fast filesystem readiness scan — counts docs, source files, manifests, platform signals. Produces initial ReadinessReport for agent spawning decisions.

2SKILL.mdUpdated May 13, 2026

astro44/bookend-scan-readiness

astro44/bookend-reconcile

testing

VerifiedTrustedCommunity

Merges bookend agent reports into revised readiness, complexity, and decomposition plan. Produces the final evidence-backed assessment consumed by sprint-architect-agent.

2SKILL.mdUpdated May 13, 2026

astro44/bookend-reconcile

astro44/mathematician

development

VerifiedTrustedCommunity

Rigorously reasons about definitions, proofs, and computations in algebra, analysis, discrete math, probability, linear algebra, and applied math. Verifies derivations, spots invalid steps, and states assumptions clearly. Use when solving or proving math problems, reviewing mathematical arguments, modeling with equations, interpreting statistics, or when the user mentions proofs, lemmas, theorems, integrals, series, matrices, optimization, or numerical methods.

2SKILL.mdUpdated May 4, 2026

astro44/mathematician

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/astro44/Autonom8-Agents.git

# Copy into Claude Code skills folder (global)
cp -r Autonom8-Agents/.cursor/skills/qa-backend ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

astro44/Autonom8-Agents

2 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT