Loading...
Loading...
Found 54 Skills
Test Supabase Realtime WebSocket channels for unauthorized subscriptions and data exposure.
Comprehensive QA testing orchestrator. Use when user says 'test', 'qa', 'check site', 'find bugs', 'helpmetest', provides a URL to test, or wants complete testing coverage from discovery through bug reporting. Discovers ALL pages, enumerates ALL features, tests comprehensively, reports exact metrics.
1. Greet and introduce yourself. Use this when the user says "你好", "hello", or asks for a self-introduction.
HelpMeTest API library — write Robot Framework tests that make HTTP requests through the browser session (auth cookies included automatically). Use when user wants to test REST APIs, write API tests, chain requests, assert JSON fields, test CRUD flows, debug a failing API call, or use keywords like GET/POST/PUT/PATCH/DELETE/CURL. Triggers on: 'test the API', 'call this endpoint', 'check the response', 'POST /api/...', 'GET /api/...', 'write api tests', 'assert json', 'api returns 4xx', 'why is /api/x returning 401', 'debug this api call'. Also self-invokes when another test reveals an API call returning an unexpected status and you want to investigate or reproduce it in isolation.
Instant visual verification via screenshots. For quick checks like 'does button look blue', 'is layout centered', 'header look right on mobile'. Fast alternative to formal testing - just look and confirm. Use when user wants visual inspection without creating test files.
Set up HelpMeTest proxy tunnels for local development testing. Use when user needs to test localhost, wants to substitute production URLs with local ports, or needs to route multiple services. Use when user says 'set up proxy', 'test localhost', 'tunnel to local', or before running tests against local development servers.
Use this skill when the user doesn't yet know what to test. This is the "learn the site first" step — for unfamiliar websites, new projects, or any situation where Feature/Persona artifacts don't exist yet. Use when the user: gives a URL with no specific test in mind, asks what features or flows a site has, wants to explore or walk through a site, is new to a project, or says "explore before we test". Also use for bare "test [URL]" commands with no further context. Do not use when Feature artifacts already exist or the user references specific known tests or bugs.
Cross-site scripting (XSS) vulnerability detection and exploitation. Supports reflected XSS, stored XSS, DOM-based XSS, and blind XSS testing. Use this skill when user mentions XSS, cross-site scripting, script injection, or needs to test JavaScript injection in parameters, forms, headers, or DOM sources.
Generate penetration testing reports in standard format, including project information sheet, vulnerability discovery list, detailed vulnerability information (including attribute sheet, description, reproduction steps, evidence screenshots, remediation suggestions), and appendices (risk level definition, CVSS explanation, glossary). Use this skill when users request to generate penetration testing reports, security testing reports, or vulnerability reports. Strictly follow the standard format in the project template directory.
Generates comprehensive, workable unit tests for any programming language using a multi-agent pipeline. Use when asked to generate tests, write unit tests, improve test coverage, add test coverage, create test files, or test a codebase. Supports C#, TypeScript, JavaScript, Python, Go, Rust, Java, and more. Orchestrates research, planning, and implementation phases to produce tests that compile, pass, and follow project conventions.
Test skill containing EICAR test file for malware detection
Test skill for security scanning