← Back to Skills

Security Visual Testing

🌐Community
by proffesor-for-testing · vlatest · Repository

Helps with security, testing as part of implementing security and authentication workflows.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add security-visual-testing npx -- -y @trustedskills/security-visual-testing
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "security-visual-testing": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/security-visual-testing"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill enables AI agents to perform security-aware visual testing of web pages. It leverages the qe-browser toolchain and the Vibium engine for browser automation, incorporating checks for prompt injection vulnerabilities before screenshots are stored and performing typed assertions including detection of data-leak requests. The goal is to identify and mitigate potential security risks while ensuring visual consistency across different viewports.

When to use it

  • Testing login pages: These pages often contain sensitive information like passwords and emails that require careful handling.
  • Running a visual regression suite: This skill facilitates parallel viewport testing and baseline comparison for detecting visual regressions.
  • Testing payment forms: Payment forms frequently involve credit card data, necessitating masking of sensitive information before screenshots are saved.
  • Auditing public marketing pages: Use when there's a possibility of sensitive data being displayed on publicly accessible web pages.
  • Not suitable for API-only testing: For security testing of APIs, use the dedicated "security-testing" skill instead.

Key capabilities

  • URL Validation: Blocks malicious URLs before navigation by preventing javascript:, data:, and file: schemes.
  • PII Detection: Identifies and flags over six types of sensitive Personally Identifiable Information (PII).
  • Parallel Viewports: Tests web pages across four different viewport sizes simultaneously for faster testing.
  • Visual Regression: Performs pixel-by-pixel comparisons with a configurable threshold to detect visual changes.
  • Accessibility Audit: Evaluates compliance with WCAG 2.1 accessibility guidelines (A/AA/AAA).
  • Prompt Injection Scanning: Scans page content for prompt injection patterns before screenshots are stored using check-injection.js.

Example prompts

  • "Run a security visual audit on https://example.com, including accessibility checks."
  • "Perform visual regression testing with baseline comparison for the login page."
  • "Test the payment form and ensure credit card data is masked before taking screenshots."

Tips & gotchas

  • PII Masking: Always mask PII (like emails, phone numbers, or credit card details) before storing any screenshots.
  • Viewport Coverage: Ensure testing covers all target viewports to catch visual issues across different devices.
  • Baseline Management: Store baselines in version control for reliable regression testing.
View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
proffesor-for-testing
Installs
29
Repository (canonical source) →

🌐 Community

Passed automated security scans.