Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

proffesor-for-testing/security-visual-testing

Name: security-visual-testing
Author: proffesor-for-testing

.claude/skills/security-visual-testing/SKILL.md

npx skillsauth add proffesor-for-testing/agentic-qe security-visual-testing

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Security Visual Testing

Browser engine

Uses the qe-browser fleet skill (.claude/skills/qe-browser/) for all browser automation. The Vibium engine (10MB Go binary, WebDriver BiDi) is installed automatically by aqe init. For security-visual workflows, qe-browser adds two things on top of stock visual testing: check-injection.js (scans page content for prompt-injection patterns before screenshots are stored) and assert.js (16 typed checks including no_failed_requests for detecting data-leak requests).

# Before storing any screenshot, scan the page
vibium go "$TARGET_URL"
vibium wait load
node .claude/skills/qe-browser/scripts/check-injection.js --include-hidden
INJ=$?
if [ $INJ -ne 0 ]; then
  echo "Prompt-injection findings — do NOT store screenshot"
  exit $INJ
fi
# Safe to proceed with visual-diff
node .claude/skills/qe-browser/scripts/visual-diff.js --name "${PAGE_NAME}"

<default_to_action> When performing security-aware visual testing:

VALIDATE URLs before navigation (check for malicious patterns)
SCAN for PII before saving screenshots (mask sensitive data)
CAPTURE parallel viewports (mobile, tablet, desktop)
COMPARE against baselines (detect visual regressions)
AUDIT accessibility (WCAG 2.1 AA compliance)

Quick Security-Visual Checklist:

URL validation (no javascript:, data:, file: schemes)
PII detection (emails, phones, SSN, credit cards, API keys)
Visual regression (diff threshold < 0.1%)
Viewport coverage (320px, 768px, 1024px, 1440px)
Accessibility score (> 90% axe-core pass rate)

Critical Success Factors:

Always mask PII before storing screenshots
Test across all target viewports in parallel
Store baselines in version control
Run accessibility audits on every visual change </default_to_action>

Quick Reference Card

When to Use

| Scenario | Use This Skill? | Why | |----------|-----------------|-----| | Testing login pages | Yes | Contains PII (passwords, emails) | | Visual regression suite | Yes | Parallel viewport + baseline comparison | | Payment forms | Yes | Credit card data needs masking | | Public marketing pages | Maybe | Only if sensitive data possible | | API-only testing | No | Use security-testing skill instead |

Key Capabilities

| Capability | Description | Performance | |------------|-------------|-------------| | URL Validation | Block malicious URLs before navigation | <5ms | | PII Detection | Find 6+ types of sensitive data | <100ms | | Parallel Viewports | Test 4 viewports simultaneously | 4x faster | | Visual Regression | Pixel-diff with configurable threshold | <500ms | | Accessibility Audit | WCAG 2.1 A/AA/AAA compliance | <2s |

Workflows

1. Security Visual Audit (Full Pipeline)

# Run complete security + visual audit
aqe test visual-audit --url https://example.com --security --accessibility

Steps:

Validate URL security (block malicious schemes)
Scan page for security issues (XSS, injection patterns)
Capture screenshots across 4 viewports in parallel
Compare against stored baselines
Run accessibility audit (axe-core)
Generate consolidated report

2. PII-Safe Screenshot

# Capture screenshot with automatic PII masking
aqe screenshot --url https://example.com/profile --pii-safe

PII Detection Patterns:

Email addresses: [email protected]
Phone numbers: +1-555-123-4567
Credit cards: 4111-1111-1111-1111
SSN: 123-45-6789
API keys: sk_live_..., AKIA...
Passwords: Form fields with type="password"

Masking Strategy:

Default: Blur with high intensity
Options: redact (black box), pixelate, blur

3. Responsive Visual Audit

# Test visual consistency across viewports
aqe test responsive --url https://example.com --viewports mobile,tablet,desktop

Default Viewports: | Name | Width | Height | Device | |------|-------|--------|--------| | mobile | 320px | 568px | iPhone SE | | tablet | 768px | 1024px | iPad | | desktop | 1440px | 900px | MacBook | | wide | 1920px | 1080px | Full HD |

Integration with AQE v3

Using with BrowserSecurityScanner

import { BrowserSecurityScanner } from '@agentic-qe/v3';

const scanner = new BrowserSecurityScanner(memory, {
  urlValidation: { enabled: true },
  piiDetection: { enabled: true, maskBeforeSave: true },
  parallelViewports: { maxConcurrent: 4 }
});

const result = await scanner.scanUrl('https://example.com', {
  viewports: ['mobile', 'tablet', 'desktop'],
  accessibility: true
});

Using with TrajectoryAdapter

import { TrajectoryAdapter } from '@agentic-qe/v3';

const adapter = new TrajectoryAdapter(memory);

// Record testing trajectory for learning
await adapter.startTrajectory('security-visual-test', {
  url: 'https://example.com',
  testType: 'security-visual'
});

// ... perform tests ...

await adapter.endTrajectory(trajectoryId, {
  success: true,
  piiFound: 3,
  visualRegressions: 0,
  accessibilityScore: 95
});

Agent Coordination

Memory Namespace

aqe/security-visual/
├── baselines/*          - Visual regression baselines
├── screenshots/*        - Captured screenshots (PII masked)
├── reports/*            - Audit reports
└── trajectories/*       - Learning trajectories

Fleet Coordination

const fleet = await FleetManager.coordinate({
  strategy: 'security-visual-audit',
  agents: [
    'qe-visual-tester',      // Visual regression
    'qe-security-scanner',   // URL/PII scanning
    'qe-accessibility-auditor' // WCAG compliance
  ],
  topology: 'parallel',
  maxConcurrent: 4
});

Error Handling

| Error | Cause | Resolution | |-------|-------|------------| | URL_BLOCKED | Malicious URL pattern detected | Check URL, remove javascript:/data: | | PII_DETECTED | Sensitive data found in screenshot | Enable masking or redact manually | | BASELINE_MISSING | No baseline for comparison | Run with --update-baseline first | | VIEWPORT_TIMEOUT | Browser didn't respond | Increase timeout or reduce parallel | | ACCESSIBILITY_FAILED | WCAG violations found | Review violations, fix issues |

Related Skills

visual-testing-advanced - Pure visual testing without security
security-testing - Security testing without visual component
accessibility-testing - Accessibility-only testing
qe-visual-accessibility - AQE v3 visual domain skill

Performance Targets

| Metric | Target | Measured | |--------|--------|----------| | URL validation | <5ms | 2ms | | PII detection | <100ms | 45ms | | Single viewport capture | <2s | 1.2s | | 4-viewport parallel | <3s | 2.1s | | Visual diff | <500ms | 320ms | | Accessibility audit | <2s | 1.5s | | Full pipeline | <10s | 7.2s |

proffesor-for-testing/security-visual-testing

.claude/skills/security-visual-testing/SKILL.md

Security-first visual testing combining URL validation, PII detection, and visual regression with parallel viewport support. Use when testing web applications that handle sensitive data, need visual regression coverage, or require WCAG accessibility compliance.

304 stars

development

Updated Apr 11, 2026

$ install --global

skillsauth

npx skillsauth add proffesor-for-testing/agentic-qe security-visual-testing

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 11, 2026, 8:24 PM37.4s4 files scanned

SKILL.md

name:: security-visual-testing
description:: Security-first visual testing combining URL validation, PII detection, and visual regression with parallel viewport support. Use when testing web applications that handle sensitive data, need visual regression coverage, or require WCAG accessibility compliance.
category:: specialized-testing
priority:: high
tokenEstimate:: 1400
agents:: [qe-visual-tester, qe-security-scanner, qe-accessibility-auditor]
implementation_status:: stable
optimization_version:: 1.0
last_optimized:: 2026-01-21
dependencies:: [visual-testing-advanced, security-testing, accessibility-testing]
quick_reference_card:: true
tags:: [security, visual-testing, pii, accessibility, wcag, parallel-viewport, regression]
trust_tier:: 3
schema_path:: schemas/output.json
validator_path:: scripts/validate-config.json
eval_path:: evals/security-visual-testing.yaml

Security Visual Testing

Browser engine

# Before storing any screenshot, scan the page
vibium go "$TARGET_URL"
vibium wait load
node .claude/skills/qe-browser/scripts/check-injection.js --include-hidden
INJ=$?
if [ $INJ -ne 0 ]; then
  echo "Prompt-injection findings — do NOT store screenshot"
  exit $INJ
fi
# Safe to proceed with visual-diff
node .claude/skills/qe-browser/scripts/visual-diff.js --name "${PAGE_NAME}"

<default_to_action> When performing security-aware visual testing:

VALIDATE URLs before navigation (check for malicious patterns)
SCAN for PII before saving screenshots (mask sensitive data)
CAPTURE parallel viewports (mobile, tablet, desktop)
COMPARE against baselines (detect visual regressions)
AUDIT accessibility (WCAG 2.1 AA compliance)

Quick Security-Visual Checklist:

URL validation (no javascript:, data:, file: schemes)
PII detection (emails, phones, SSN, credit cards, API keys)
Visual regression (diff threshold < 0.1%)
Viewport coverage (320px, 768px, 1024px, 1440px)
Accessibility score (> 90% axe-core pass rate)

Critical Success Factors:

Always mask PII before storing screenshots
Test across all target viewports in parallel
Store baselines in version control
Run accessibility audits on every visual change </default_to_action>

Quick Reference Card

When to Use

Key Capabilities

Workflows

1. Security Visual Audit (Full Pipeline)

# Run complete security + visual audit
aqe test visual-audit --url https://example.com --security --accessibility

Steps:

Validate URL security (block malicious schemes)
Scan page for security issues (XSS, injection patterns)
Capture screenshots across 4 viewports in parallel
Compare against stored baselines
Run accessibility audit (axe-core)
Generate consolidated report

2. PII-Safe Screenshot

# Capture screenshot with automatic PII masking
aqe screenshot --url https://example.com/profile --pii-safe

PII Detection Patterns:

Email addresses: [email protected]
Phone numbers: +1-555-123-4567
Credit cards: 4111-1111-1111-1111
SSN: 123-45-6789
API keys: sk_live_..., AKIA...
Passwords: Form fields with type="password"

Masking Strategy:

Default: Blur with high intensity
Options: redact (black box), pixelate, blur

3. Responsive Visual Audit

# Test visual consistency across viewports
aqe test responsive --url https://example.com --viewports mobile,tablet,desktop

Integration with AQE v3

Using with BrowserSecurityScanner

import { BrowserSecurityScanner } from '@agentic-qe/v3';

const scanner = new BrowserSecurityScanner(memory, {
  urlValidation: { enabled: true },
  piiDetection: { enabled: true, maskBeforeSave: true },
  parallelViewports: { maxConcurrent: 4 }
});

const result = await scanner.scanUrl('https://example.com', {
  viewports: ['mobile', 'tablet', 'desktop'],
  accessibility: true
});

Using with TrajectoryAdapter

import { TrajectoryAdapter } from '@agentic-qe/v3';

const adapter = new TrajectoryAdapter(memory);

// Record testing trajectory for learning
await adapter.startTrajectory('security-visual-test', {
  url: 'https://example.com',
  testType: 'security-visual'
});

// ... perform tests ...

await adapter.endTrajectory(trajectoryId, {
  success: true,
  piiFound: 3,
  visualRegressions: 0,
  accessibilityScore: 95
});

Agent Coordination

Memory Namespace

aqe/security-visual/
├── baselines/*          - Visual regression baselines
├── screenshots/*        - Captured screenshots (PII masked)
├── reports/*            - Audit reports
└── trajectories/*       - Learning trajectories

Fleet Coordination

const fleet = await FleetManager.coordinate({
  strategy: 'security-visual-audit',
  agents: [
    'qe-visual-tester',      // Visual regression
    'qe-security-scanner',   // URL/PII scanning
    'qe-accessibility-auditor' // WCAG compliance
  ],
  topology: 'parallel',
  maxConcurrent: 4
});

Error Handling

Related Skills

visual-testing-advanced - Pure visual testing without security
security-testing - Security testing without visual component
accessibility-testing - Accessibility-only testing
qe-visual-accessibility - AQE v3 visual domain skill

Performance Targets

Related Skills

proffesor-for-testing/qe-xp-practices

development

VerifiedTrustedCommunity

Apply XP practices including pair programming, ensemble programming, continuous integration, and sustainable pace. Use when implementing agile development practices, improving team collaboration, or adopting technical excellence practices.

304SKILL.mdUpdated Apr 11, 2026

proffesor-for-testing/qe-xp-practices

proffesor-for-testing/qe-wms-testing-patterns

development

VerifiedTrustedCommunity

Warehouse Management System testing patterns for inventory operations, pick/pack/ship workflows, wave management, EDI X12/EDIFACT compliance, RF/barcode scanning, and WMS-ERP integration. Use when testing WMS platforms (Blue Yonder, Manhattan, SAP EWM).

304SKILL.mdUpdated Apr 11, 2026

proffesor-for-testing/qe-wms-testing-patterns

proffesor-for-testing/qe-visual-testing-advanced

testing

VerifiedTrustedCommunity

Advanced visual regression testing with pixel-perfect comparison, AI-powered diff analysis, responsive design validation, and cross-browser visual consistency. Use when detecting UI regressions, validating designs, or ensuring visual consistency.

304SKILL.mdUpdated Apr 11, 2026

proffesor-for-testing/qe-visual-testing-advanced

proffesor-for-testing/qe-verification-quality

development

VerifiedTrustedCommunity

Comprehensive truth scoring, code quality verification, and automatic rollback system with 0.95 accuracy threshold for ensuring high-quality agent outputs and codebase reliability.

304SKILL.mdUpdated Apr 11, 2026

proffesor-for-testing/qe-verification-quality

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/proffesor-for-testing/agentic-qe.git

# Copy into Claude Code skills folder (global)
cp -r agentic-qe/.claude/skills/security-visual-testing ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

proffesor-for-testing/agentic-qe

304 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT