luan/test-plan
skills/test-plan/SKILL.md
Analyze current diff, classify changes by risk, and produce structured manual test plan. Triggers: 'test plan', 'what should I test', 'manual testing', 'verification steps', 'QA checklist'. Exits early for trivial changes. Do NOT use when: writing automated tests — use /develop with TDD. Do NOT use when: reviewing code quality — use /crit instead.
$ install --global
skillsauthnpx skillsauth add luan/dot-claude test-planInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 30, 2026, 1:09 PM9.5s1 file scanned
SKILL.md
- name:
- test-plan
- description:
- Analyze current diff, classify changes by risk, and produce structured manual test plan. Triggers: 'test plan', 'what should I test', 'manual testing', 'verification steps', 'QA checklist'. Exits early for trivial changes. Do NOT use when: writing automated tests — use /develop with TDD. Do NOT use when: reviewing code quality — use /crit instead.
- argument-hint:
- [base..head | file-list | PR#]
- user-invocable:
- true
- model:
- sonnet
- context:
- fork
- agent:
- general-purpose
Test Plan
Analyze changes, classify by risk, produce structured manual test plan. Auto-exits for trivial changes.
Context
Stat: !git diff --stat HEAD 2>/dev/null
Files: !git diff --name-only HEAD 2>/dev/null
Interviewing
See rules/skill-interviewing.md.
Step 1: Scope
Use injected Stat/Files above for the no-args case. Override with $ARGUMENTS:
| Input | Diff source |
| ------------ | -------------------------- |
| main..HEAD | git diff main..HEAD |
| file list | git diff HEAD -- <files> |
| #123 | gh pr diff 123 |
Early exit. ALL files trivial (after excluding never-trivial files) → ## Test Plan: No Manual Testing Required + stat output.
Trivial: _.md (except SKILL.md, CLAUDE.md, _.mdx), *.txt, LICENSE, CHANGELOG, comment-only, whitespace-only, CI metadata.
SKILL.md, CLAUDE.md, and *.mdx are never trivial — executable specs that change agent behavior. Analyze with code rigor: what behavior changed, what could break, what to verify.
Step 2: Analyze
Read the full diff. Classify each changed file by risk and type. Include a 1-sentence justification per file referencing the specific change characteristic (e.g., "Critical — modifies auth token validation logic").
Risk Levels
| Level | Scope | Verification | | ------------ | ------------------------------------------------------------------------------------- | --------------------------- | | Critical | Data loss or security breach risk (auth, persistence, payments, security, infra) | Test first, most thoroughly | | High | User-visible behavior (UI, API contracts, business logic, error handling, perf paths) | Full verification steps | | Medium | Indirect impact (refactors changing control flow, dep updates, logging, build config) | Targeted verification | | Low | Unlikely user-facing (style fixes, adding tests, code comments, dev tooling) | Spot-check only |
Multiple levels apply → use highest. A refactor touching auth logic is Critical, not Medium.
Change Types
Tag each file: new-feature, behavior-change, refactor, bugfix, config, dependency.
Step 3: Generate
Group verification steps by risk (highest first). Every component must reference domain-specific terms from the diff (function names, endpoints, error messages) — no generic language. Each step:
- What — specific behavior to verify
- How — concrete reproducible actions (e.g., "call
paginate(page=1, size=10)", "POST/api/auth/loginwith expired token"). Spec changes: invoke skill with specific trigger/argument, verify behavioral change. - Expected — observable correct outcome
- Regression — adjacent functionality to confirm
Output structure:
## Test Plan: <scope summary>
Risk: N critical, N high, N medium, N low
Effort: quick (5min — single-file, Low/Medium risk) | moderate (15min — multi-file, High risk) | thorough (30min+ — any Critical risk present)
### Critical Risk
<verification steps>
### High Risk
<verification steps>
### Low Risk (spot-check)
<brief list>
### Regression Checklist
- [ ] <adjacent area>
Omit empty risk sections. All Low → spot-check list only.
For refactors: focus on behavior preservation — same inputs → same outputs. For bugfixes: include original reproduction steps + edge cases around fix boundary.
Step 4: Output
Present the plan and stop.
Related Skills
luan/sym
tools
VerifiedTrustedCommunity
Tree-sitter indexed code navigator (ct sym CLI). Use INSTEAD OF Read/Grep/Glob/Bash when exploring existing code, understanding how something works, locating a symbol, tracing the call graph up (impact) or down (trace), finding implementations of an interface, scoping a diff to one symbol, or preparing to edit code you have not read yet. Triggers: 'how does X work', 'explain this class/file/symbol', 'walk me through X', 'what does X do', 'where is X defined', 'who calls X', 'what does X call', 'find implementations of', 'what breaks if I change X', 'outline this file', 'map imports', 'show me this symbol', exploring unfamiliar repo, tracing call graph, scoping diff to a symbol, preparing to edit code I haven't read, about to Read a file over ~500 lines to understand it. Do NOT use for: writing new code from scratch, editing prose or config, running tests, or when a stack trace already names the file and line.
4SKILL.mdUpdated Apr 22, 2026
luan/vibe
development
VerifiedTrustedCommunity
Fully autonomous development workflow from prompt to commit. Chains spec → develop → review → commit. Triggers: /vibe, 'vibe this', 'autonomous workflow', 'just do it all', 'build this end-to-end', 'full pipeline', 'handle everything'.
4SKILL.mdUpdated Apr 21, 2026
luan/vault-sweep
development
VerifiedTrustedCommunity
Comprehensive vault maintenance — cross-references blueprints against codebase state to produce a maintenance plan: archive consumed artifacts, audit docs for staleness, propose new docs for undocumented stable systems. Triggers: 'vault sweep', 'sweep the vault', 'clean up vault', 'vault maintenance', 'what can we archive', 'audit blueprints', 'vault hygiene', 'blueprint cleanup'. Use whenever the user wants a holistic view of vault health rather than archiving a single artifact (that's /archive). Also use when the user asks what's stale, what needs docs, or whether artifacts can be cleaned up.
4SKILL.mdUpdated Apr 21, 2026
luan/supervibe
development
VerifiedTrustedCommunity
Goal-directed autonomous development — reads the spec, breaks it into chunks, runs each as a vibe cycle. Triggers: /supervibe, 'super vibe', 'multi-phase', 'keep going until done'.
4SKILL.mdUpdated Apr 21, 2026