Skip to main content

qa-only

Conducts report-only QA testing, generating structured reports with health scores and bug reproduction steps without fixing issues.

Install this skill

or
13/100

Security score

The qa-only skill was audited on Jun 5, 2026 and we found 29 security issues across 4 threat categories, including 1 critical. Review the findings below before installing.

Categories Tested

Security Issues

critical line 192

Piping content to bash shell

SourceSKILL.md
1923. If `bun` is not installed: `curl -fsSL https://bun.sh/install | bash`
high line 192

Curl to non-GitHub URL

SourceSKILL.md
1923. If `bun` is not installed: `curl -fsSL https://bun.sh/install | bash`
medium line 234

Fetch to external URL

SourceSKILL.md
234- API endpoints → test them directly with `$B js "await fetch('/api/...')"`
low line 22

Access to hidden dotfiles in home directory

SourceSKILL.md
22_UPD=$(~/.claude/skills/chief/bin/chief-update-check 2>/dev/null || .claude/skills/chief/bin/chief-update-check 2>/dev/null || true)
low line 24

Access to hidden dotfiles in home directory

SourceSKILL.md
24mkdir -p ~/.chief/sessions
low line 25

Access to hidden dotfiles in home directory

SourceSKILL.md
25touch ~/.chief/sessions/"$PPID"
low line 26

Access to hidden dotfiles in home directory

SourceSKILL.md
26_SESSIONS=$(find ~/.chief/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ')
low line 27

Access to hidden dotfiles in home directory

SourceSKILL.md
27find ~/.chief/sessions -mmin +120 -type f -delete 2>/dev/null || true
low line 28

Access to hidden dotfiles in home directory

SourceSKILL.md
28_CONTRIB=$(~/.claude/skills/chief/bin/chief-config get chief_contributor 2>/dev/null || true)
low line 29

Access to hidden dotfiles in home directory

SourceSKILL.md
29_PROACTIVE=$(~/.claude/skills/chief/bin/chief-config get proactive 2>/dev/null || echo "true")
low line 33

Access to hidden dotfiles in home directory

SourceSKILL.md
33_LAKE_SEEN=$([ -f ~/.chief/.completeness-intro-seen ] && echo "yes" || echo "no")
low line 35

Access to hidden dotfiles in home directory

SourceSKILL.md
35mkdir -p ~/.chief/analytics
low line 36

Access to hidden dotfiles in home directory

SourceSKILL.md
36echo '{"skill":"qa-only","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.chief/analytics/skill-usag
medium line 42

Access to hidden dotfiles in home directory

SourceSKILL.md
42If output shows `UPGRADE_AVAILABLE <old> <new>`: read `~/.claude/skills/chief/chief-upgrade/SKILL.md` and follow the "Inline upgrade flow" (auto-upgrade if configured, otherwise AskUserQuestion with 4
low line 51

Access to hidden dotfiles in home directory

SourceSKILL.md
51touch ~/.chief/.completeness-intro-seen
medium line 103

Access to hidden dotfiles in home directory

SourceSKILL.md
103**To file:** write `~/.chief/contributor-logs/{slug}.md` with **all sections below** (do not truncate — include every section through the Date/Version footer):
low line 181

Access to hidden dotfiles in home directory

SourceSKILL.md
181[ -z "$B" ] && B=~/.claude/skills/chief/browse/dist/browse
medium line 207

Access to hidden dotfiles in home directory

SourceSKILL.md
2071. **Project-scoped test plans:** Check `~/.chief/projects/` for recent `*-test-plan-*.md` files for this repo
low line 209

Access to hidden dotfiles in home directory

SourceSKILL.md
209source <(~/.claude/skills/chief/bin/chief-slug 2>/dev/null)
low line 210

Access to hidden dotfiles in home directory

SourceSKILL.md
210ls -t ~/.chief/projects/$SLUG/*-test-plan-*.md 2>/dev/null | head -1
low line 505

Access to hidden dotfiles in home directory

SourceSKILL.md
505source <(~/.claude/skills/chief/bin/chief-slug 2>/dev/null) && mkdir -p ~/.chief/projects/$SLUG
medium line 507

Access to hidden dotfiles in home directory

SourceSKILL.md
507Write to `~/.chief/projects/{slug}/{user}-{branch}-test-outcome-{datetime}.md`
low line 46

External URL reference

SourceSKILL.md
46thing when AI makes the marginal cost near-zero. Read more: https://garryslist.org/posts/boil-the-ocean"
low line 50

External URL reference

SourceSKILL.md
50open https://garryslist.org/posts/boil-the-ocean
low line 165

External URL reference

SourceSKILL.md
165| Target URL | (auto-detect or required) | `https://myapp.com`, `http://localhost:3000` |
low line 192

External URL reference

SourceSKILL.md
1923. If `bun` is not installed: `curl -fsSL https://bun.sh/install | bash`
low line 241

External URL reference

SourceSKILL.md
241$B goto http://localhost:3000 2>/dev/null && echo "Found app on :3000" || \
low line 242

External URL reference

SourceSKILL.md
242$B goto http://localhost:4000 2>/dev/null && echo "Found app on :4000" || \
low line 243

External URL reference

SourceSKILL.md
243$B goto http://localhost:8080 2>/dev/null && echo "Found app on :8080"
Scanned on Jun 5, 2026
View Security Dashboard
Installation guide →
Rate this skill
Categorydevelopment
UpdatedJune 15, 2026
claude-codetestingqa-engineerproduct-managerdevelopmentproduct
onlypfachi/chief