carterdea/qa
agents/skills/qa/SKILL.md
Verify completed work in the browser using QA notes from a plan file
$ install --global
skillsauthnpx skillsauth add carterdea/dots qaInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 3:28 AM6.4s1 file scanned
SKILL.md
- name:
- qa
- description:
- Verify completed work in the browser using QA notes from a plan file
- user-invocable:
- true
QA
Verify completed work in the browser using QA notes from a plan file.
Usage
/qa docs/my_feature_PLAN.md --url http://localhost:3000 /qa docs/my_feature_PLAN.md /qa
Browser Tool Selection
Default to agent-browser CLI. Before using any browser tool, detect what's available:
command -v agent-browser 2>/dev/null && echo "FOUND:agent-browser" || echo "MISSING:agent-browser"
Priority order:
- agent-browser (preferred) -- use
agent-browser open,agent-browser snapshot -i,agent-browser click,agent-browser fill,agent-browser screenshot, etc. Invoke the/agent-browserskill for full command reference. - Playwright CLI (fallback) -- use if agent-browser is not installed
- Chrome MCP (last resort) -- only if neither CLI tool is available
Do NOT use Chrome MCP (mcp__claude-in-chrome__*) when agent-browser is installed.
Steps
-
Find the plan (file path or conversation history). Scan for unchecked
- [ ] QA:items. If none, stop. -
Detect the dev server URL (
--url, or check common ports and project config). If nothing's running, ask. -
List the QA items grouped by phase and confirm before starting.
-
Launch the browser using the selected tool (see Browser Tool Selection above):
agent-browser:
agent-browser open <dev-server-url> agent-browser snapshot -iPlaywright CLI (fallback):
playwright-cli open <dev-server-url> --headedIf auth is needed, check for cached state:
- agent-browser:
agent-browser state load .playwright/.auth/qa-state.json - playwright-cli:
playwright-cli state-load .playwright/.auth/qa-state.json
If no cached state exists, ask the user for credentials, log in via CLI commands, then persist state.
If neither CLI tool can complete auth (MFA, CAPTCHA, OAuth), fall back to Chrome MCP and have the user log in manually.
- agent-browser:
-
For each
- [ ] QA:item:- Read the instruction and relevant source code
- Navigate and interact using the selected browser tool (agent-browser or Playwright CLI)
- Take a snapshot to inspect page state (
agent-browser snapshot -ior equivalent) - Screenshot the result and save to qa/
- Pass: check it off
- [x] QA: - Fail: leave unchecked, add a
> FAIL:annotation describing what went wrong - Continue to next item regardless of pass/fail
-
Close the browser session when finished.
-
Summarize: passed, failed, skipped. If all passed, suggest
/pre-pr. If any failed, suggest re-running/execute-planto fix them.
Rules
- Only verify -- never fix code
- Update the plan file after each item, not in batches
- Never store credentials in the plan file or reports
- Add
.playwright/.auth/to.gitignorewhen creating auth state - Prefer
snapshotoverscreenshotfor page inspection -- snapshots are token-efficient and provide element references for subsequent commands
Related Skills
carterdea/vertical-feature-architect
development
VerifiedTrustedCommunity
Add net-new product, workflow, platform, or developer-experience features as small vertical slices. Use this skill whenever the user asks to build a new feature, add a new page/route/API/workflow/job/eval/operator path, enrich an existing feature with a new user-visible capability, or plan feature architecture before coding. This skill maps the files to change or create, defines the authoritative contract, specifies tests, and gives a QA plan before treating the feature as done.
1SKILL.mdUpdated Jun 12, 2026
carterdea/trello-qa
development
VerifiedTrustedCommunity
Verify a developer's finished Trello ticket on a non-Shopify web app and render a verdict. Dogfood the posted preview (desktop + mobile) against the card's acceptance criteria, then PASS it (approve the PR, move to Ready for Release) or FAIL it (request changes, attach repro, reassign the dev, move to Development). Read-only: never implements, commits, or opens a PR. Use when asked to 'QA this card', 'test before release', or 'sign off on this ticket'. Shopify themes use shopify-trello-qa; building a ticket uses trello-delivery.
1SKILL.mdUpdated Jun 12, 2026
carterdea/shopify-trello-qa
development
VerifiedTrustedCommunity
Verify a developer's finished Shopify theme ticket and render a verdict. Dogfood the posted preview theme and Customizer (desktop + mobile) against the card's acceptance criteria and Figma, then PASS it (approve the PR, move to Ready for Release) or FAIL it (request changes, attach repro, reassign the dev, move to Development). Read-only: never implements, commits, deploys, or opens a PR. Use when asked to 'QA this Shopify card', 'verify the Ready for Testing card', or 'sign off on this theme ticket'. Non-Shopify apps use trello-qa; building a ticket uses shopify-trello-delivery.
1SKILL.mdUpdated Jun 12, 2026
carterdea/improve
development
VerifiedTrustedCommunity
Survey any codebase as a senior advisor and produce prioritized, self-contained implementation plans for OTHER models/agents to execute. Strictly read-only on source code — never implements, fixes, or refactors anything itself. Use when asked to audit a codebase, find improvement opportunities (bugs, security, performance, test coverage, tech debt, migrations, DX), suggest features or where to take the project next (roadmap, product direction), or generate handoff plans for another agent to implement.
1SKILL.mdUpdated Jun 12, 2026