Qa Expert
Write standardized, reproducible test cases with priorities, steps, and explicit pass/fail criteria for agent-driven or manual QA.
Overview
qa-expert is an agent skill most often used in Ship (also Validate, Operate) that produces standardized markdown test cases with priorities, steps, and pass/fail criteria.
Install
npx skills add https://github.com/daymade/claude-code-skills --skill qa-expertWhat is this skill?
- Markdown test-case template with TC-[CATEGORY]-[NUMBER] naming convention
- Fields for Priority (P0–P4), Type (Unit/Integration/E2E/Security/Performance), and estimated time
- Prerequisites, numbered test steps, expected results, and pass/fail criteria sections
- Example TC-CLI-001 integration scenario for installing a skill from GitHub
- Optional 'Potential Bugs to Watch For' section for edge cases and security notes
- Template defines Priority scale P0 through P4 and types including Unit, Integration, E2E, Security, and Performance
Adoption & trust: 904 installs on skills.sh; 1.2k GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your testing notes are ad hoc chat bullets, so nobody can rerun the same verification or know what counts as pass or fail.
Who is it for?
Indie developers documenting CLI, integration, and E2E checks before release or after a bugfix.
Skip if: Teams that only want generated pytest code with no human-readable case catalog, or zero-documentation throwaway spikes.
When should I use this skill?
You need standardized, reproducible test cases written in markdown with clear prerequisites, steps, and pass/fail gates.
What do I get? / Deliverables
You get markdown test cases with IDs, priorities, steps, and measurable pass/fail gates ready for manual runs or automation backfill.
- Markdown test case documents (TC-CATEGORY-NUMBER)
- Example-driven integration cases such as CLI install scenarios
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Formal test cases are authored when you are ready to verify behavior before release, which aligns with the Ship phase. The skill ships a test-case markdown template with P0–P4 priorities and verification blocks—canonical placement is Ship → testing.
Where it fits
Capture the minimal happy-path clicks that prove the MVP works before you expand scope.
Author TC-* security and integration cases ahead of a release candidate.
Attach test cases to a PR so reviewers know which verifications must pass.
Turn a production bug report into a new case under Potential Bugs to Watch For.
How it compares
Use as a structured test-case template skill, not as a substitute for CI pipelines or security scanners.
Common Questions / FAQ
Who is qa-expert for?
Solo builders and small teams who need repeatable QA write-ups for SaaS, CLI, or agent projects without a dedicated QA department.
When should I use qa-expert?
During Ship when building regression lists, during Validate when proving prototype flows, and during Operate when codifying incident reproduction steps into new TC-* cases.
Is qa-expert safe to install?
Review the Security Audits panel on this Prism page; the readme notes a gitleaks security scan timestamp—still verify skill source and hash before piping commands from test steps.
SKILL.md
READMESKILL.md - Qa Expert
Security scan passed Scanned at: 2025-11-10T01:04:27.457659 Tool: gitleaks + pattern-based validation Content hash: 285963ff8755c043176531839cd549a80bebebaf1d9bcdd21628234d0c5d6246 # Test Case Template Use this template for writing standardized, reproducible test cases. --- ## Template Structure ```markdown ### TC-[CATEGORY]-[NUMBER]: [Descriptive Title] **Priority**: P0/P1/P2/P3/P4 **Type**: Unit/Integration/E2E/Security/Performance **Estimated Time**: [X] minutes **Prerequisites**: - Prerequisite 1 (specific and verifiable) - Prerequisite 2 **Test Steps**: 1. Step 1 (exact command or action) 2. Step 2 (specific input data) 3. Step 3 (verification action) **Expected Result**: ✅ Specific outcome with example output ✅ Measurable verification criteria **Pass/Fail Criteria**: - ✅ PASS: All verification steps succeed - ❌ FAIL: Any error, missing data, or deviation **Potential Bugs to Watch For**: - Known edge case or vulnerability - Related security concern ``` --- ## Example: CLI Install Test ```markdown ### TC-CLI-001: Install Skill from GitHub Repository **Priority**: P0 **Type**: Integration **Estimated Time**: 5 minutes **Prerequisites**: - CLI installed globally (`which ccpm` returns path) - Internet connection active - `~/.claude/skills/` directory exists or can be created - No existing installation of `cli-demo-generator` **Test Steps**: 1. Open terminal 2. Run: `ccpm install cli-demo-generator` 3. Observe success message 4. Run: `ls ~/.claude/skills/` 5. Verify directory exists 6. Run: `cat ~/.claude/skills/cli-demo-generator/package.json` 7. Verify valid JSON with name field **Expected Result**: ✅ Terminal shows: "Successfully installed cli-demo-generator" ✅ Directory created: `~/.claude/skills/cli-demo-generator/` ✅ package.json exists with valid content ✅ No errors in terminal output **Pass/Fail Criteria**: - ✅ PASS: All 4 verification criteria met, exit code 0 - ❌ FAIL: Any error message, missing directory, or malformed package.json **Potential Bugs to Watch For**: - Path traversal vulnerability (test with `../../../etc/passwd`) - Network timeout with no retry logic - Incorrect permissions on `~/.claude` directory - Race condition if multiple installs concurrent ``` --- ## Example: Security Test ```markdown ### TC-SEC-001: SQL Injection Protection - Login Form **Priority**: P0 **Type**: Security **Estimated Time**: 3 minutes **Prerequisites**: - Application running on http://localhost:8080 - Test user account exists: `test@example.com` / `password123` - Database seeded with sample data **Test Steps**: 1. Navigate to login page 2. Enter username: `admin' OR '1'='1` 3. Enter password: `anything` 4. Click "Login" button 5. Observe response **Expected Result**: ✅ Login FAILS with error: "Invalid credentials" ✅ SQL injection attempt logged in security_events table ✅ No database data exposed in error message ✅ User NOT authenticated **Pass/Fail Criteria**: - ✅ PASS: Login fails, injection logged, no data leak - ❌ FAIL: Login succeeds, no logging, or SQL error exposed **Potential Bugs to Watch For**: - Verbose error messages exposing schema - Second-order SQL injection in profile fields - NoSQL injection if using MongoDB - Timing-based blind SQL injection ``` --- ## Guidelines ### Writing Clear Prerequisites ❌ **Bad**: "System running" ✅ **Good**: "Docker containers healthy (`docker ps` shows 5 running), port 8080 accessible" ### Writing Specific Steps ❌ **Bad**: "Test the login" ✅ **Good**: "Enter 'test@example.com' in email field, enter 'Password123!' in password field, click 'Login' button" ### Writing Measurable Results ❌ **Bad**: "It works" ✅ **Good**: "HTTP 200 response, redirects to /dashboard, session cookie set with 30min expiry" ### Estimating Time - Simple validation: 1-2 min - API call test: 2-3 min - E2E workflow: 5-10 min - Security audit: 3-5 min per test --- ## Category Codes - **CLI**: Command-line interface tests - **WEB**: Web UI tests - **API**: Backend API tests - *