Author: Daniel Slug: top-claude-skills-qa-engineers-2026 Meta Description: We ranked the top Claude Skills for QA engineers by GitHub stars, maintenance, and real-world testing fit. Q2 2026 data from 24 audited repos. Primary Keyword: claude skills for qa engineers Secondary Keywords: best claude skills for testing, claude code qa skills, claude playwright skill, ai testing skills Reading Time: 11 minutes Cluster Role: Supporting (parent: claude skills) Cover Image: ![Top Claude Skills for QA En

QA testing has been quietly absorbed by Claude Skills. By April 2026, Anthropic's official webapp-testing skill is among the most-installed entries in the entire ecosystem, and a growing slice of QA-specific community skills cover everything from security pentesting to website auditing to mobile-simulator workflows.

For a QA engineer, the question is no longer "is there a skill for this?" — it is "which of the available skills are good enough to ship into production-test pipelines, and which are research projects?"

This article ranks the ten most useful Claude Skills for QA engineers, scored against public GitHub adoption data and weighted for production-readiness. We pulled stars, last-commit dates, and maintenance signals on April 30, 2026.

How We Ranked These Skills

A QA-focused ranking can't just count stars. A skill with 50,000 stars that hasn't been touched in nine months is worse than a skill with 200 stars that ships a fix every week.

Our weighting:

1. GitHub stars (40%) — adoption proxy.
2. Maintenance activity (30%) — last-commit recency, release cadence, open-issue throughput.
3. QA-specific fit (30%) — how directly the skill serves a QA workflow versus general SWE work.

We also excluded skills with no GitHub presence. Verifiable beats popular.

The Top 10

1. anthropics/skills — webapp-testing — 125,856 ⭐

Anthropic's official Playwright-based skill for testing local web applications. Spin it up against a running dev server and Claude drives a real browser to verify behavior, capture screenshots, and produce structured failure reports.

• Repository: anthropics/skills — webapp-testing
• Best for: Any QA engineer working on a web product who wants Claude to close the loop between "the agent wrote the code" and "the agent verified the feature works."
• Why it ranks here: Official maintenance, deep Playwright integration, and the broadest community support. If you only install one QA skill, this is it.
• Caveat: Vanilla Playwright. Production sites with Cloudflare, DataDome, or PerimeterX defeat it on request one. Fine for staging and internal apps; not fine for testing flows that touch real third-party sites.

2. trailofbits/skills — 4,878 ⭐

Trail of Bits' security-focused skill collection — static analysis with CodeQL and Semgrep, audit-context building, and modern Python tooling.

• Repository: trailofbits/skills
• Best for: QA engineers whose remit includes security testing. Particularly strong for teams that need pre-merge static analysis as part of CI.
• Why it ranks here: Audit-grade rigor from a known security shop, actively maintained, and the static-analysis primitives slot directly into QA pipelines.
• Caveat: Heavy on Python. If your stack is Node-only or .NET-only, half the value is gone.

3. lackeyjb/playwright-skill — 2,518 ⭐

A general-purpose Playwright wrapper, less opinionated than webapp-testing, more flexible for custom test scripts.

• Repository: lackeyjb/playwright-skill
• Best for: QA teams that already maintain a Playwright test suite and want Claude to extend it rather than replace it.
• Why it ranks here: Playwright remains the default browser-test library. This skill is the most-starred direct bridge.
• Caveat: Assumes Playwright fluency. New testers should pick webapp-testing first.

4. mhattingpete/claude-skills-marketplace — 563 ⭐

A bundle of software-engineering skills covering Git automation, test-runner orchestration, and code review.

• Repository: mhattingpete/claude-skills-marketplace
• Best for: QA engineers embedded in dev teams who want shared workflow primitives that span "run the tests, open a PR, review the diff."
• Why it ranks here: Sharper SWE-specific primitives than the giant kitchen-sink bundles, with better discoverability.
• Caveat: Some overlap with obra/superpowers. Pick one as your primary SWE-workflow layer to avoid command ambiguity.

5. Eyadkelleh/awesome-claude-skills-security — 201 ⭐

A curated security-testing toolkit — SecLists wordlists, injection payload libraries, and expert agents tuned for authorized pentesting and CTFs.

• Repository: Eyadkelleh/awesome-claude-skills-security
• Best for: Application-security QA engineers. The skill makes "let Claude run a structured pentest pass against this endpoint" a first-class workflow.
• Why it ranks here: It is the most-starred security-testing skill that lives outside Trail of Bits' ecosystem.
• Caveat: Authorized-testing-only. Read the README on legal scope before enabling.

6. anthropics/skills — skill-creator — 125,856 ⭐

Official skill for scaffolding new Claude Skills via interactive Q&A.

• Repository: anthropics/skills — skill-creator
• Best for: QA leads who want to encode team-specific testing conventions ("our smoke-test pattern," "our regression checklist") into shared skills.
• Why it ranks here: As soon as you notice three engineers manually prompting Claude in the same way, that's a skill. This builds it.
• Caveat: The output is a scaffold, not a finished skill. Expect to rewrite ~50% of the generated SKILL.md.

7. conorluddy/ios-simulator-skill — 850 ⭐

iOS app building, navigation, and testing automation through Claude.

• Repository: conorluddy/ios-simulator-skill
• Best for: Mobile QA engineers, particularly teams shipping iOS apps with frequent regression cycles.
• Why it ranks here: Mobile QA is underrepresented in the Claude Skills ecosystem; this is the most-adopted entry by a wide margin.
• Caveat: macOS-only (uses simctl). No Android equivalent of comparable maturity exists yet.

8. spruikco/fat-agent-skill — 28 ⭐

FAT Agent — Fix, Audit, Test. A post-launch website QA skill that audits SEO, security, accessibility, and performance in one pass.

• Repository: spruikco/fat-agent-skill
• Best for: QA engineers responsible for production-site health rather than just pre-merge testing. Marketing-site teams especially.
• Why it ranks here: It's one of very few skills that treats "post-launch monitoring" as a first-class QA workflow. Specialization beats generic reach.
• Caveat: Small project, one-person maintainership. Good for adoption with a clear fallback plan.

9. heal-dev/heal-playwright-tracer — 32 ⭐

An open-source statement-level Playwright tracer purpose-built for AI agents. Produces structured trace output an LLM can reason about.

• Repository: heal-dev/heal-playwright-tracer
• Best for: QA engineers whose agents run browser tests but can't debug failures. The tracer turns "test failed" into "test failed because click on selector X resolved to a hidden element."
• Why it ranks here: It solves a specific, real problem nobody else solves directly.
• Caveat: Small project. Pin a version if you depend on it.

10. appariciojunior/website-audit-skill — 21 ⭐

A comprehensive website content + UX audit skill. Covers content, copy, UX structure, conversion, creative direction, and technical QA in one structured review.

• Repository: appariciojunior/website-audit-skill
• Best for: QA engineers extending into UX or content QA. Particularly useful for marketing-site teams that need cross-functional review.
• Why it ranks here: It scopes a wider definition of QA than most skills attempt, and the structured-review output is actionable.
• Caveat: New project, low star count. Use as a complement to a stricter functional-test layer.

At-a-Glance Comparison

Three patterns surface from this table.

First, the official webapp-testing skill dominates by stars but uses vanilla Playwright. Every team eventually hits the wall where its tests work against staging but fail against any production target with anti-bot defenses. None of the top-10 skills solve this.

Second, security-testing tooling is well-served. Trail of Bits and the awesome-claude-skills-security collection together cover most of what an AppSec QA engineer needs. Mobile-app QA is also reasonably covered (iOS at least).

Third, post-launch and cross-functional QA are underbuilt. The two skills that try (fat-agent-skill, website-audit-skill) sit at 28 and 21 stars respectively. Real demand exists; supply has not caught up.

The Gap: Testing Against Real Production Sites

Every browser-based QA skill on this list uses vanilla Playwright. That's fine for testing your own app against localhost:3000. It is not fine for testing user journeys that involve third-party sites — a SERP page, a payment provider, a competitive product page, a shared LinkedIn flow — where modern anti-bot infrastructure flags vanilla Playwright instantly.

The failure pattern is consistent: QA suite passes locally, breaks in CI when run against a production-like target, and the engineer spends a day diagnosing whether it's a real regression or a captcha challenge.

This is why production QA teams increasingly pair Playwright-based skills with stealth-browser infrastructure. BrowserAct is one such layer — purpose-built for AI agents that need to test against real production sites with anti-detection, residential proxies, and automatic CAPTCHA bypass. It currently exposes a REST API and templates rather than a Claude Skill, so it shows up in the gap analysis rather than the rankings, but QA teams using it report the same pattern: the skills above handle test orchestration and assertion, and BrowserAct handles getting the test suite past the bouncer. For QA workflows that involve scraping listings or comments — say, regression-testing a review-aggregation feature — pairing with the Reddit Posts & Comments Scraper template is faster than re-implementing selectors.

We expect a high-star community skill in this category to emerge in 2026.

Who Should Install What

For a typical web-product QA engineer:

1. webapp-testing as the primary E2E layer.
2. lackeyjb/playwright-skill if you have an existing Playwright suite to integrate.
3. mhattingpete/claude-skills-marketplace for Git/test/review workflow.
4. skill-creator to codify team-specific QA patterns.

For an AppSec QA engineer:

1. All four above.
2. trailofbits/skills for static analysis.
3. Eyadkelleh/awesome-claude-skills-security for active testing.
4. A stealth-browser backend for testing flows against real production targets.

For a mobile QA engineer:

1. conorluddy/ios-simulator-skill plus webapp-testing for the web side of the app.
2. skill-creator to encode regression conventions.

For a marketing-site / post-launch QA engineer:

1. fat-agent-skill + website-audit-skill.
2. webapp-testing for functional E2E.

Conclusion

For QA engineers, the Claude Skills ecosystem is in roughly the same shape as Selenium was in 2014 — broad enough to be useful, opinionated enough to be productive, and missing the one piece that separates "works on my machine" from "works in production." That piece, in 2026, is stealth browsing. Until a community skill closes the gap, the practical move is the same as it has always been: install the strongest official tooling, layer specialized skills on top, and bring your own infrastructure for the parts that need it.

If your QA suite is hitting that wall — passing locally, failing against production, eating engineering time — take a look at BrowserAct. It is the infrastructure layer that sits behind your Claude-driven tests at exactly that step.