Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

lucianghinda/improving-testing

Name: improving-testing
Author: lucianghinda

skills/improving-testing/SKILL.md

npx skillsauth add lucianghinda/agentic-skills improving-testing

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Improving Testing

When to Use

Use when user asks:

"What should I test for this feature?"
"How do I test edge cases?"
"Review my tests"
"What cases am I missing?"
"Help me pick test cases"
"How to test validation/permissions/state machines?"

Do NOT Use When

User wants to run existing tests (use terminal)
User wants test code generation without design planning
User asks about test framework setup or tooling
User asks about CI/CD pipeline configuration

Inputs (ask if missing)

Feature in one sentence
Biggest risks (user harm, money, trust, security)
Inputs and constraints (types, ranges, formats)
Roles and permissions
States and transitions

If unknown, assume and state assumptions.

Workflow

Step 1: Define the goal

Pick the primary goal:

Verify requirement
Document behavior
Prevent regressions in risky areas

Step 2: Identify risks

List 3 to 7 risks. Prefer:

Permissions, security, privacy
Money and data integrity
Complex branching logic
Stateful behavior
Boundary and validation failures

Step 3: Design cases before writing tests

Pick the technique that matches the problem:

Equivalence classes: representative per group
Boundary values: min, max, just below, just above
Decision table: combinations of conditions
State transitions: allowed and forbidden transitions

For each rule, include:

One positive case
One negative case
One edge case (boundary, empty, null, max length, weird chars)

Write each test idea as:

Preconditions
Inputs
Action
Expected result (oracle)

Step 4: Plan test data

For each case, define representative data:

One value per equivalence class
Boundary values for ranges and lengths
Clearly named examples (avoid random data)

Step 5: Review and harden the tests

Check each test for:

Correctness: matches requirement and risk
Strength: fails for the right reason
Relevance: covers risky paths, not only happy path
Determinism: no time, randomness, network, ordering leaks
Maintainability: clear setup, focused assertions, minimal noise
Gaps: which risks have zero tests?
Redundancy: which tests repeat the same behavior?

Never weaken assertions just to make the test pass. Fix the code or redesign the test.

Step 6: Coverage guidance

Line coverage is a baseline
Prefer decision or branch coverage for branching logic
Raise coverage mainly in high risk areas

Output Format

Rules applied
Mini test plan
Smallest useful set of cases
Review notes (only if tests provided)
Bug report (only if failure reported)

Rules Checklist

Start with risk. Test what could hurt users, money, or trust.
Write the test idea before the test code. A sentence like: "If X, then Y, because Z risk."
Always include: positive, negative, edge. Do not stop at happy path.
Use partitions and boundaries. Pick one representative per group, then test edges.
When conditions combine, use a decision table. Map the combinations, then pick the smallest set that covers the rules.
When behavior changes by state, test transitions. Test one allowed and one forbidden transition.
One test, one point. Split mixed tests.
Name tests by behavior. Use "when ... it ..." naming.
Assert outcomes, not steps. Prefer results and side effects over internal calls.
Keep tests deterministic. Avoid time, randomness, network calls, and order dependence.
Regularly check gaps and redundancy. Add missing tests for risky rules. Remove duplicates that prove the same thing.

Examples

Example 1: Validation with boundaries

Rules applied:

Always include: positive, negative, edge
Test the edges first

Mini test plan:

Feature: User age must be 18+
Risks: underage access, off-by-one bug
Technique: Boundary values

Smallest useful set of cases: | Input | Expected | Type | |-------|----------|------| | age 18 | accepted | positive | | age 17 | rejected | negative | | age missing | rejected | edge |

Review notes: Assert the validation error, not a generic success response.

Example 2: Permissions with roles

Rules applied:

Test risky actions (delete, refund, export)
Use a small decision table

Mini test plan:

Feature: Only admins can delete posts
Risks: unauthorized data loss
Technique: Decision table (role x action)

Smallest useful set of cases: | Actor | Action | Expected | Type | |-------|--------|----------|------| | admin | delete | allowed | positive | | non-admin | delete | forbidden | negative | | unauthenticated | delete | forbidden | edge |

Review notes: Assert status and side effect (record removed), not internal method calls.

Example 3: Combined conditions (decision table)

Rules applied:

Map combinations, do not guess
Assert the final outcome

Mini test plan:

Feature: Discount applies when (member AND cart >= 100) OR promo_code valid
Risks: wrong price charged
Technique: Decision table

Smallest useful set of cases: | Member | Cart | Promo | Expected | Type | |--------|------|-------|----------|------| | yes | 100 | - | discount | positive | | yes | 99 | - | no discount | edge | | no | 20 | valid | discount | positive | | no | 200 | invalid | no discount | negative |

Review notes: Assert final price, not intermediate flags.

Example 4: State transitions

Rules applied:

Test one allowed and one forbidden transition
State bugs are common regressions

Mini test plan:

Feature: Invoice can be paid only if issued
Risks: invalid financial state
Technique: State transitions

Smallest useful set of cases: | From State | Action | Expected | Type | |------------|--------|----------|------| | issued | pay | allowed | positive | | draft | pay | forbidden | negative | | paid | pay again | forbidden | edge |

Review notes: Assert final state and single payment record.

Example 5: Bug report format

When user reports a failure, produce a bug report:

Title: [Brief description]
Environment: [OS, browser, version]
Preconditions: [Required state before reproducing]
Steps to reproduce:
  1. ...
  2. ...
Expected result: [What should happen]
Actual result: [What actually happened]
Severity: [Critical/High/Medium/Low]
Notes / logs: [Relevant error messages or logs]

lucianghinda/improving-testing

skills/improving-testing/SKILL.md

Produces practical, risk-based testing guidance and minimal test plans for features or changes. Use when user asks what to test, how to pick test cases (boundaries, permissions, state machines), how to improve weak tests, or to review existing tests. Covers equivalence partitions, boundary values, decision tables, and state transitions.

5 stars

testing

Updated Apr 7, 2026

$ install --global

skillsauth

npx skillsauth add lucianghinda/agentic-skills improving-testing

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 7, 2026, 2:35 AM27.8s1 file scanned

SKILL.md

name:: improving-testing
description:: Produces practical, risk-based testing guidance and minimal test plans for features or changes. Use when user asks what to test, how to pick test cases (boundaries, permissions, state machines), how to improve weak tests, or to review existing tests. Covers equivalence partitions, boundary values, decision tables, and state transitions.

Improving Testing

When to Use

Use when user asks:

"What should I test for this feature?"
"How do I test edge cases?"
"Review my tests"
"What cases am I missing?"
"Help me pick test cases"
"How to test validation/permissions/state machines?"

Do NOT Use When

User wants to run existing tests (use terminal)
User wants test code generation without design planning
User asks about test framework setup or tooling
User asks about CI/CD pipeline configuration

Inputs (ask if missing)

Feature in one sentence
Biggest risks (user harm, money, trust, security)
Inputs and constraints (types, ranges, formats)
Roles and permissions
States and transitions

If unknown, assume and state assumptions.

Workflow

Step 1: Define the goal

Pick the primary goal:

Verify requirement
Document behavior
Prevent regressions in risky areas

Step 2: Identify risks

List 3 to 7 risks. Prefer:

Permissions, security, privacy
Money and data integrity
Complex branching logic
Stateful behavior
Boundary and validation failures

Step 3: Design cases before writing tests

Pick the technique that matches the problem:

Equivalence classes: representative per group
Boundary values: min, max, just below, just above
Decision table: combinations of conditions
State transitions: allowed and forbidden transitions

For each rule, include:

One positive case
One negative case
One edge case (boundary, empty, null, max length, weird chars)

Write each test idea as:

Preconditions
Inputs
Action
Expected result (oracle)

Step 4: Plan test data

For each case, define representative data:

One value per equivalence class
Boundary values for ranges and lengths
Clearly named examples (avoid random data)

Step 5: Review and harden the tests

Check each test for:

Correctness: matches requirement and risk
Strength: fails for the right reason
Relevance: covers risky paths, not only happy path
Determinism: no time, randomness, network, ordering leaks
Maintainability: clear setup, focused assertions, minimal noise
Gaps: which risks have zero tests?
Redundancy: which tests repeat the same behavior?

Never weaken assertions just to make the test pass. Fix the code or redesign the test.

Step 6: Coverage guidance

Line coverage is a baseline
Prefer decision or branch coverage for branching logic
Raise coverage mainly in high risk areas

Output Format

Rules applied
Mini test plan
Smallest useful set of cases
Review notes (only if tests provided)
Bug report (only if failure reported)

Rules Checklist

Start with risk. Test what could hurt users, money, or trust.
Write the test idea before the test code. A sentence like: "If X, then Y, because Z risk."
Always include: positive, negative, edge. Do not stop at happy path.
Use partitions and boundaries. Pick one representative per group, then test edges.
When conditions combine, use a decision table. Map the combinations, then pick the smallest set that covers the rules.
When behavior changes by state, test transitions. Test one allowed and one forbidden transition.
One test, one point. Split mixed tests.
Name tests by behavior. Use "when ... it ..." naming.
Assert outcomes, not steps. Prefer results and side effects over internal calls.
Keep tests deterministic. Avoid time, randomness, network calls, and order dependence.
Regularly check gaps and redundancy. Add missing tests for risky rules. Remove duplicates that prove the same thing.

Examples

Example 1: Validation with boundaries

Rules applied:

Always include: positive, negative, edge
Test the edges first

Mini test plan:

Feature: User age must be 18+
Risks: underage access, off-by-one bug
Technique: Boundary values

Smallest useful set of cases: | Input | Expected | Type | |-------|----------|------| | age 18 | accepted | positive | | age 17 | rejected | negative | | age missing | rejected | edge |

Review notes: Assert the validation error, not a generic success response.

Example 2: Permissions with roles

Rules applied:

Test risky actions (delete, refund, export)
Use a small decision table

Mini test plan:

Feature: Only admins can delete posts
Risks: unauthorized data loss
Technique: Decision table (role x action)

Review notes: Assert status and side effect (record removed), not internal method calls.

Example 3: Combined conditions (decision table)

Rules applied:

Map combinations, do not guess
Assert the final outcome

Mini test plan:

Feature: Discount applies when (member AND cart >= 100) OR promo_code valid
Risks: wrong price charged
Technique: Decision table

Review notes: Assert final price, not intermediate flags.

Example 4: State transitions

Rules applied:

Test one allowed and one forbidden transition
State bugs are common regressions

Mini test plan:

Feature: Invoice can be paid only if issued
Risks: invalid financial state
Technique: State transitions

Review notes: Assert final state and single payment record.

Example 5: Bug report format

When user reports a failure, produce a bug report:

Title: [Brief description]
Environment: [OS, browser, version]
Preconditions: [Required state before reproducing]
Steps to reproduce:
  1. ...
  2. ...
Expected result: [What should happen]
Actual result: [What actually happened]
Severity: [Critical/High/Medium/Low]
Notes / logs: [Relevant error messages or logs]

Related Skills

lucianghinda/pr-description

documentation

VerifiedTrustedCommunity

Write GitHub Pull Request descriptions from branch commits. Use when user asks to write a PR description, create a PR summary, or document changes for a pull request. Analyzes git commits and diffs to produce structured PR documentation.

5SKILL.mdUpdated Apr 7, 2026

lucianghinda/pr-description

lucianghinda/commit-message

testing

VerifiedTrustedCommunity

Generate high-quality git commit messages following Conventional Commits and Chris Beams' Seven Rules. Infers WHY from context and provides clear guidance on structure, scope, and body content.

5SKILL.mdUpdated Apr 7, 2026

lucianghinda/commit-message

steipete/skill-creator

testing

VerifiedTrustedCommunity

Create, edit, improve, or audit AgentSkills. Use when creating a new skill from scratch or when asked to improve, review, audit, tidy up, or clean up an existing skill or SKILL.md file. Also use when editing or restructuring a skill directory (moving files to references/ or scripts/, removing stale content, validating against the AgentSkills spec). Triggers on phrases like "create a skill", "author a skill", "tidy up a skill", "improve this skill", "review the skill", "clean up the skill", "audit the skill".

356,423SKILL.mdUpdated Apr 13, 2026

steipete/skill-creator

steipete/healthcheck

testing

VerifiedTrustedCommunity

Host security hardening and risk-tolerance configuration for OpenClaw deployments. Use when a user asks for security audits, firewall/SSH/update hardening, risk posture, exposure review, OpenClaw cron scheduling for periodic checks, or version status checks on a machine running OpenClaw (laptop, workstation, Pi, VPS).

356,423SKILL.mdUpdated Apr 13, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/lucianghinda/agentic-skills.git

# Copy into Claude Code skills folder (global)
cp -r agentic-skills/skills/improving-testing ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

lucianghinda/agentic-skills

5 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT