qa-architecture-auditor

TotalClaw, author: totalclaw

Performs forensic-level codebase analysis and generates a comprehensive quality assurance and testing strategy report. Acts as an independent Lead QA Architect, Senior Software Security Auditor, and IT Systems Auditor. Applies a zero-trust policy (existing tests are ignored) and covers every testing methodology: black-box, white-box, manual, automated, unit, integration, system, functional, smoke, sanity, E2E, regression, API, database integrity, performance, security, usability, compatibility, accessibility, localization, acceptance, and exploratory testing. Use it when a complete, independent, from-scratch testing strategy applicable to any code repository is needed.

## Install / Download

TotalClaw CLI (recommended):

```
totalclaw install totalclaw:totalclaw~shifulegend-qa-architecture-auditor
```

Direct download with cURL (no login required):

```
curl -fsSL https://skills.taituai.com/api/skills/totalclaw%3Atotalclaw~shifulegend-qa-architecture-auditor/file -o shifulegend-qa-architecture-auditor.md
```

## Original text

# QA Architecture Auditor

This skill performs deep forensic analysis of codebases and produces exhaustive QA testing strategy reports with IT General Controls compliance. It provides independent baselines, vulnerability assessments, from-scratch test cases, and tooling recommendations for every testing methodology.

## What This Skill Does

- Analyzes repository structure, languages, frameworks, and dependencies
- Maps architecture and identifies critical risk areas
- Generates comprehensive testing strategy reports (HTML and Markdown formats)
- Provides specific, tailored test cases for each methodology
- Recommends industry-standard tools based on tech stack
- Ensures zero-trust approach: ignores all existing tests

## When to Use This Skill

Use this skill when you need:
- A complete QA strategy built from scratch (no reuse of existing tests)
- Forensic-level codebase analysis for security and quality compliance
- ITGC-ready testing documentation for system transitions
- Detailed testing matrix covering all standard and specialized methodologies
- Independent validation plan for unproven or legacy codebases

## Quick Start

Provide a local repository path or git URL:

```
qa-architecture-auditor --repo /path/to/repo --output report.html
```

The skill will:
1. Clone/access the repository
2. Analyze code structure, dependencies, and business logic
3. Identify high-risk modules and security vulnerabilities
4. Generate comprehensive testing strategy report
5. Provide tooling recommendations and specific test cases

## Command-Line Interface

```
usage: qa-audit [-h] --repo REPO [--output OUTPUT] [--format {html,md}] [--include-risk-prioritization] [--include-test-cases] [--include-tooling] [--exclude EXCLUDE] [--max-depth MAX_DEPTH] [--security-scan] [--compliance {itgc,soc2,iso27001,hipaa,gdpr}]

Perform forensic QA architecture analysis and generate testing strategy report.

options:
  -h, --help            show this help message and exit
  --repo REPO, -r REPO  Repository path or git URL
  --output OUTPUT, -o OUTPUT
                        Output file path (default: qa-report.html)
  --format {html,md}, -f {html,md}
                        Output format (default: html)
  --include-risk-prioritization
                        Include risk prioritization matrix
  --include-test-cases  Include detailed test cases for each methodology
  --include-tooling     Include tooling recommendations
  --exclude EXCLUDE, -e EXCLUDE
                        Comma-separated directories to exclude from analysis
  --max-depth MAX_DEPTH
                        Maximum directory traversal depth
  --security-scan       Perform security vulnerability scanning
  --compliance {itgc,soc2,iso27001,hipaa,gdpr}
                        Compliance framework to target
```

## Report Sections

The generated report includes:

1. **Executive Summary** - High-level findings and recommendations
2. **Codebase Analysis** - Languages, frameworks, dependencies, architecture patterns
3. **Risk Assessment** - High-risk modules and security concerns
4. **Testing Matrix** - Comprehensive strategies for each methodology:
   - Core Execution: Black Box, White Box, Manual, Automated
   - Functional & Structural: Unit, Integration, System, Functional, Smoke, Sanity, E2E, Regression, API, Database Integrity
   - Non-Functional: Performance, Security, Usability, Compatibility, Accessibility, Localization
   - Specialized: Acceptance (UAT), Exploratory Testing
5. **From-Scratch Test Cases** - Specific examples for critical paths
6. **Tooling Recommendations** - Best tools for the detected tech stack
7. **ITGC Compliance** - Controls and readiness assessments

## External Endpoints

The skill may make outbound network connections only for:

| Endpoint | Purpose | Data Sent |
|----------|---------|-----------|
| Git remotes (HTTPS/SSH) | Clone or fetch repository content | Authentication credentials if using SSH keys or HTTPS token; repository data read-only |

No other external services are contacted.

## Security & Privacy

- **Local processing**: All code analysis runs locally; no code is sent to third-party APIs.
- **Git operations**: When analyzing a remote repository, the skill performs `git clone` or `git fetch`. This may transmit repository data over the network and may require authentication if the repo is private.
- **Output**: The generated report is written to the local filesystem at the specified path.
- **Environment**: The skill does not require any environment variables. It does not modify system settings.

## Model Invocation Note

This skill runs as an autonomous CLI tool. Once invoked (via `/qa-audit` or direct shell), it performs the analysis without further model interaction. The heavy lifting is done by the Python script; no external AI inference is required during execution.

## Trust Statement

By using this skill, you trust that the code analysis and recommendations are accurate to the best of the tool's capabilities. The skill does not exfiltrate your code to external services beyond the Git operations you explicitly authorize. Only install and run this skill on codebases you have permission to analyze.

## Implementation Notes

- The skill uses static analysis to understand code without execution
- Supports major languages: JavaScript/TypeScript, Python, Java, Go, Rust, C#, Ruby, PHP
- Detects frameworks: React, Vue, Angular, Django, Flask, Spring, Express, etc.
- Generates risk scores based on complexity, external dependencies, and data handling
- Produces both human-readable HTML and machine-parsable Markdown

## References

For detailed methodology guidance, see:
- `references/methodologies.md` - Testing approach definitions and decision criteria
- `references/risk-assessment.md` - Risk scoring algorithm and vulnerability patterns
- `references/tooling-matrix.md` - Tool recommendations by language and framework
- `references/compliance-frameworks.md` - ITGC and audit requirements

## License

MIT

## Contributing

Improvements and contributions are welcome. Please open an issue or pull request on the GitHub repository.