webapp-testing-skill
Enables automated testing and interaction with local web applications using Playwright browser automation scripts.
92
/ 100 · Grade A
A = 90–100
“I need to automatically test and verify the functionality of my local web applications without manual browser interaction.”
webapp-testing-skill earned Certified status with a trust score of 92/100 (Grade A). No adversarial findings — all attack patterns were handled gracefully.
Trust Score Breakdown
Eight weighted signals composing the aggregate trust score
Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.
Findings
Security scan results, adversarial testing, and pipeline review
Security Scan — Cisco Skill Scanner
Adversarial Testing — 3 categories, 0 findings
No adversarial findings — all attack patterns handled gracefully.
Methodology v1.0 · 3 categories · ~55 attack patterns
Behavioral Fingerprint
Runtime performance baseline for drift detection
Samples
8
Error rate
0.0%
Peak memory
— MB
Avg CPU
—%
Response time distribution
Output size distribution
Fingerprint v1.0 · Baseline: Mar 28, 2026 · Status: baseline
Interface
Skill triggers and instruction summary
Activation
This skill activates when the user needs to test, interact with, or debug local web applications using browser automation.
This skill handles web application testing, UI verification, screenshot capture, and browser log inspection for local applications.
Does
Write native Python Playwright scripts for web automation
Use helper scripts as black boxes by running --help first
Wait for networkidle state before DOM inspection on dynamic apps
Launch Chromium browser in headless mode
Follow reconnaissance-then-action pattern for dynamic webapps
Use descriptive selectors and appropriate waits
Close browsers when automation is complete
Does not
Read helper script source code before trying to run them
Inspect DOM before waiting for networkidle on dynamic applications
Launch browsers in non-headless mode
Scope & Permissions
What this capability can and cannot access — derived from pipeline analysis
yes
no
yes
no
yes
yes
Known Failure Modes
Documented edge cases and recovery behaviors
when when DOM is inspected before networkidle wait
then the agent may miss dynamically loaded content
when when helper scripts are read instead of executed
then the agent pollutes context window unnecessarily
Badge & Integration
Embed certification status in your README, docs, or CI pipeline
Certification Notes
Provenance observations from the pipeline
Publisher "anthropics" is not verified — first certification from this publisher
No SECURITY.md or SECURITY.txt file found — no published vulnerability reporting process
Single contributor — no peer review evidence in commit history
Repository is 3 days old — recently created
Package description appears to be boilerplate or template text
Signed Artifact
Certification provenance and verification metadata
Pipeline Artifacts
Raw data files from this certification run — downloadable for independent verification
contract.json
Full unsigned contract
stage1-ingest.json
Ingest stage output
stage2a-sbom.json
SBOM generation results
stage2a-vulns.json
Vulnerability scan results
stage2b-security.json
Security scan results
stage3a-functional.json
Functional test results
stage3b-adversarial.json
Adversarial test results
stage3c-fingerprint.json
Behavioral fingerprint
stage4-certify.json
Certification decision + trust score
stage3a-measurements.json
Raw functional test measurements
stage3b-measurements.json
Raw adversarial test measurements
run-log.json
Pipeline execution log
Not all files may be present for every certification.