Loading...
Loading...
Found 54 Skills
Invoke this skill when a user shares test code and questions whether it actually works as intended — not to run or fix the test, but to evaluate whether the test has real value. Triggers on: "is this test any good?", "would this catch a real bug?", "this test always passes — is that normal?", "review these tests before I commit", or "does this test verify anything meaningful?". Also triggers when someone suspects a test is useless, wants a pre-commit quality gate, or is unsure if an auto-generated test is worth keeping. The core question this skill answers: "Would this test fail if the feature broke?" If not, the test gets rejected. Do NOT use for generating new tests, fixing failing tests, or exploring application features.
HelpMeTest API library — write Robot Framework tests that make HTTP requests through the browser session (auth cookies included automatically). Use when user wants to test REST APIs, write API tests, chain requests, assert JSON fields, test CRUD flows, debug a failing API call, or use keywords like GET/POST/PUT/PATCH/DELETE/CURL. Triggers on: 'test the API', 'call this endpoint', 'check the response', 'POST /api/...', 'GET /api/...', 'write api tests', 'assert json', 'api returns 4xx', 'why is /api/x returning 401', 'debug this api call'. Also self-invokes when another test reveals an API call returning an unexpected status and you want to investigate or reproduce it in isolation.
Compare two security audit reports to track remediation progress and identify new vulnerabilities.
Test if user signup is open and identify potential abuse vectors in the registration process.
1. Greet and introduce yourself. Use this when the user says "你好", "hello", or asks for a self-introduction.
Generate penetration testing reports in standard format, including project information sheet, vulnerability discovery list, detailed vulnerability information (including attribute sheet, description, reproduction steps, evidence screenshots, remediation suggestions), and appendices (risk level definition, CVSS explanation, glossary). Use this skill when users request to generate penetration testing reports, security testing reports, or vulnerability reports. Strictly follow the standard format in the project template directory.
Instant visual verification via screenshots. For quick checks like 'does button look blue', 'is layout centered', 'header look right on mobile'. Fast alternative to formal testing - just look and confirm. Use when user wants visual inspection without creating test files.
Test Supabase Realtime WebSocket channels for unauthorized subscriptions and data exposure.
Cross-site scripting (XSS) vulnerability detection and exploitation. Supports reflected XSS, stored XSS, DOM-based XSS, and blind XSS testing. Use this skill when user mentions XSS, cross-site scripting, script injection, or needs to test JavaScript injection in parameters, forms, headers, or DOM sources.
Generates comprehensive, workable unit tests for any programming language using a multi-agent pipeline. Use when asked to generate tests, write unit tests, improve test coverage, add test coverage, create test files, or test a codebase. Supports C#, TypeScript, JavaScript, Python, Go, Rust, Java, and more. Orchestrates research, planning, and implementation phases to produce tests that compile, pass, and follow project conventions.
Test skill containing EICAR test file for malware detection
Test skill for security scanning