메뉴
Live site QA via agent-browser (token-efficient) and Playwright (login flows). Scans pages, catches visual/functional issues, compares with baselines. Use when testing a live site or after deploying.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
| name | scan |
| description | Live site QA via agent-browser (token-efficient) and Playwright (login flows). Scans pages, catches visual/functional issues, compares with baselines. Use when testing a live site or after deploying. |
| triggers | ["scan","scan it","test it","qa","visual qa"] |
| allowed-tools | Bash, Read, Write, Edit, Grep, Glob |
| model | opus |
| user-invocable | true |
| argument-hint | [url or scope] |
Live site QA without relying on MCP servers. Two tools:
Catches what typecheck and build cannot: visual bugs, broken links, console errors, accessibility violations, performance regressions.
| Command | What It Does |
|---|---|
scan | Detect URL from project, run quick scan on key pages |
scan http://localhost:3000 | Scan specific URL |
scan full | Deep scan — all pages, all categories |
scan auth | Login via Playwright, then scan authenticated pages |
scan compare | Scan and compare against last baseline |
scan errors | Console + network errors only |
scan a11y | axe-core accessibility audit |
scan perf | Lighthouse performance only |
scan mobile | Mobile viewport screenshots + responsive check |
Check in order:
for port in 3000 3001 5173 8080; do curl -s http://localhost:$port > /dev/null 2>&1 && echo "http://localhost:$port" && break; done
node -e "const p=require('./package.json');const s=p.scripts||{};console.log(s.dev||s.start||'')"
Bash({ command: "npm run dev", run_in_background: true })
.vercel/ or recent deploy URLpackage.json homepage or CLAUDE.mdIf nothing found after all checks, ask the user.
# Fetch homepage, extract internal links
curl -sL "$TARGET_URL" | grep -oE 'href="[^"]+"' | sed 's/href="//;s/"$//' | sort -u | head -30
Or use agent-browser to get a structured snapshot of navigation:
agent-browser open "$TARGET_URL"
agent-browser snapshot -i # interactive elements + links
Priority pages (scan these first):
Use agent-browser for speed and token efficiency.
For each priority page:
mkdir -p .claude/screenshots/$(date +%Y-%m-%d)
DIR=".claude/screenshots/$(date +%Y-%m-%d)"
agent-browser open "$PAGE_URL"
agent-browser screenshot "$DIR/$(basename $PAGE_URL)-desktop.png"
# Mobile viewport
agent-browser viewport 375 812
agent-browser screenshot "$DIR/$(basename $PAGE_URL)-mobile.png"
# Console + network errors
agent-browser errors > "$DIR/$(basename $PAGE_URL)-errors.txt"
Loop over discovered URLs, scanning each. Cap at 20 pages to keep scan time reasonable (~5-10 min).
agent-browser handles simple form logins; use Playwright for OAuth, Google SSO, 2FA, or any redirect-heavy flow — it behaves more like a real user.
Create .claude/scripts/auth-scan.js:
const { chromium } = require('playwright');
(async () => {
const browser = await chromium.launch({ headless: false }); // headless:false lets you complete 2FA/SSO manually once
const ctx = await browser.newContext({ viewport: { width: 1280, height: 720 } });
const page = await ctx.newPage();
// Capture errors as they happen
const errors = [];
page.on('console', m => m.type() === 'error' && errors.push(m.text()));
page.on('pageerror', e => errors.push(`UNCAUGHT: ${e.message}`));
page.on('response', r => r.status() >= 400 && errors.push(`${r.status()} ${r.url()}`));
// Login
await page.goto(process.env.LOGIN_URL);
await page.fill('input[type="email"]', process.env.TEST_USER_EMAIL);
await page.fill('input[type="password"]', process.env.TEST_USER_PASSWORD);
await page.click('button[type="submit"]');
await page.waitForURL(url => !url.pathname.includes('login'), { timeout: 30000 });
// Save auth state for reuse
await ctx.storageState({ path: '.claude/auth-state.json' });
// Scan protected pages
const pages = (process.env.PAGES || '/dashboard').split(',');
for (const path of pages) {
await page.goto(new URL(path, process.env.BASE_URL).href);
await page.waitForLoadState('networkidle');
await page.screenshot({ path: `.claude/screenshots/auth-${path.replace(/\//g, '_')}.png`, fullPage: true });
}
require('fs').writeFileSync('.claude/screenshots/auth-errors.txt', errors.join('\n'));
await browser.close();
})();
Run it:
LOGIN_URL=http://localhost:3000/login \
TEST_USER_EMAIL=$TEST_USER_EMAIL \
TEST_USER_PASSWORD=$TEST_USER_PASSWORD \
BASE_URL=http://localhost:3000 \
PAGES=/dashboard,/settings,/profile \
node .claude/scripts/auth-scan.js
For Google SSO: launch with headless: false, complete the login manually the first time, and storageState persists the session. Subsequent runs can use storageState: '.claude/auth-state.json' in the context options.
Read the saved PNGs directly. Look for:
Layout issues:
Design quality:
Functional issues:
Inject axe-core into Playwright to get WCAG violations:
const { AxeBuilder } = require('@axe-core/playwright');
const results = await new AxeBuilder({ page }).analyze();
console.log(JSON.stringify(results.violations, null, 2));
Install once: npm install -D @axe-core/playwright
Standalone, no MCP needed:
npx lighthouse "$PAGE_URL" --only-categories=performance --chrome-flags="--headless" --output=json --output-path=.claude/lighthouse.json
node -e "const r=require('./.claude/lighthouse.json');console.log('Perf:',r.categories.performance.score*100,'LCP:',r.audits['largest-contentful-paint'].displayValue)"
For mobile: add --preset=perf --emulated-form-factor=mobile.
ls .claude/scans/ 2>/dev/null
Auto-save baseline on first scan:
mkdir -p .claude/scans
# First scan → baseline-YYYY-MM-DD.json
# Subsequent → scan-YYYY-MM-DD.json
Save JSON with: URLs scanned, error counts per page, Lighthouse scores, axe violation counts, screenshot paths.
Compare with previous baseline — report regressions and resolutions.
Scan Results: [URL]
═══════════════════
Pages scanned: [N]
Scan time: [T]
| Category | Score | Issues |
|----------|-------|--------|
| Performance (Lighthouse) | XX/100 | N issues |
| Accessibility (axe) | N violations | critical: N |
| Console errors | N pages affected | |
| Network errors | 4xx/5xx count | |
Critical Issues:
1. [page] — [issue] → [fix]
2. ...
Visual Issues (from screenshots):
1. [page] — [what's wrong visually]
2. ...
Compared to baseline: [improved/regressed/new scan]
- Performance: +5 (was 72, now 77)
- New issues: 3
- Resolved: 7
| Skill | How Scan Integrates |
|---|---|
ship | Run scan as post-deploy verification |
auto | After UI tasks, scan the affected page |
fix | When fixing UI bugs, scan to verify the fix |
design | Review screenshots for visual quality and AI slop indicators |
.claude/scans/ for future comparisonsstorageState — don't try to automate password entry on GoogleShow token / tool usage stats from the local telemetry log. Use when you want to know "which tools am I burning context on", "which skills are expensive", or "was yesterday's session mostly Read/Grep or actually productive".
Parallel quality audit with 7 specialized agents (Opus). Finds bugs, violations, and quality issues. Use audit for fixes, brainstorm for features.
Manage environment variables with Doppler — auto-install CLI, login, link projects, wrap commands with `doppler run`. Replaces scattered .env files with a hub/spoke architecture.
Scaffolds new projects or onboards existing ones. Detects stack, creates monorepo/single-app, configures strict tooling. Use for greenfield or first-time setup.
Archives completed stories from prd.json to reduce token usage.
Autonomous task execution with testing and security. Works through all tasks without stopping.