# Add to your Claude Code skills
git clone https://github.com/testdriverai/testdriveraiLast scanned: 6/27/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@eslint/plugin-kit: @eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@hono/node-server: @hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@isaacs/brace-expansion: @isaacs/brace-expansion has Uncontrolled Resource Consumption",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@jimp/core: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/custom: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/diff: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/js-bmp: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/js-gif: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/js-jpeg: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/js-png: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/js-tiff: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/plugin-blur: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/plugin-color: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/plugin-contain: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/plugin-cover: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/plugin-crop: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/plugin-hash: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/plugin-print: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/plugin-resize: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/plugin-rotate: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@jimp/plugin-threshold: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@mintlify/cli: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@mintlify/link-rot: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@mintlify/previewing: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@modelcontextprotocol/sdk: @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/core: OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@opentelemetry/instrumentation-amqplib: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@opentelemetry/instrumentation-connect: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@opentelemetry/instrumentation-express: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@opentelemetry/instrumentation-fs: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@opentelemetry/instrumentation-hapi: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@opentelemetry/instrumentation-http: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@opentelemetry/instrumentation-koa: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@opentelemetry/instrumentation-mongoose: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@opentelemetry/instrumentation-mysql2: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@opentelemetry/instrumentation-pg: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@opentelemetry/instrumentation-undici: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@opentelemetry/resources: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@opentelemetry/sdk-trace-base: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@opentelemetry/sql-common: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@sentry/node: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@stoplight/spectral-core: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@stoplight/spectral-functions: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@vitest/ui: Vulnerability found",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "@xmldom/xmldom: xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "axios: Axios is vulnerable to DoS attack through lack of data size check",
"severity": "high"
},
{
"type": "npm-audit",
"message": "basic-ftp: Basic FTP has Path Traversal Vulnerability in its downloadToDir() method",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "body-parser: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "clean-css: Regular Expression Denial of Service in clean-css",
"severity": "low"
},
{
"type": "npm-audit",
"message": "diff: jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"severity": "low"
},
{
"type": "npm-audit",
"message": "engine.io: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "esbuild: esbuild enables any website to send any requests to the development server and read the response",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "express: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "fast-uri: fast-uri vulnerable to path traversal via percent-encoded dot segments",
"severity": "high"
},
{
"type": "npm-audit",
"message": "file-type: file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "follow-redirects: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "form-data: form-data uses unsafe random function in form-data for choosing boundary",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "glob: glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"severity": "high"
},
{
"type": "npm-audit",
"message": "hono: Hono added timing comparison hardening in basicAuth and bearerAuth",
"severity": "high"
},
{
"type": "npm-audit",
"message": "html-minify: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "jimp: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "js-yaml: js-yaml has prototype pollution in merge (<<)",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "junit-viewer: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "lodash: lodash vulnerable to Code Injection via `_.template` imports key names",
"severity": "high"
},
{
"type": "npm-audit",
"message": "mdast-util-to-hast: mdast-util-to-hast has unsanitized class attribute",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "min-document: min-document vulnerable to prototype pollution",
"severity": "low"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "mint: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "mocha: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters",
"severity": "high"
},
{
"type": "npm-audit",
"message": "phin: phin may include sensitive headers in subsequent requests after redirect",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "qs: qs's arrayLimit bypass in comma parsing allows denial of service",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "render-gif: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "rollup: Rollup 4 has Arbitrary File Write via Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "serialize-javascript: Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"severity": "high"
},
{
"type": "npm-audit",
"message": "socket.io-adapter: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "socket.io-parser: socket.io allows an unbounded number of binary attachments",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tar: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tar-fs: tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball",
"severity": "high"
},
{
"type": "npm-audit",
"message": "terminal-image: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "tmp: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"severity": "high"
},
{
"type": "npm-audit",
"message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
"severity": "high"
},
{
"type": "npm-audit",
"message": "vitest: Vulnerability found",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "ws: ws: Uninitialized memory disclosure",
"severity": "high"
},
{
"type": "npm-audit",
"message": "xml2js: xml2js is vulnerable to prototype pollution",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "yaml: yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"severity": "medium"
}
],
"status": "FAILED",
"scannedAt": "2026-06-27T06:52:35.108Z",
"npmAuditRan": true,
"pipAuditRan": true,
"promptInjectionRan": true
}testdriverai is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by testdriverai. Computer-Use SDK for E2E QA Testing. It has 222 GitHub stars.
testdriverai failed SkillsLLM's automated security scan, which flagged one or more high-severity issues. Review the Security Report section carefully before using it.
Clone the repository with "git clone https://github.com/testdriverai/testdriverai" and add it to your Claude Code skills directory (see the Installation section above).
testdriverai is primarily written in JavaScript. It is open-source under testdriverai on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh testdriverai against similar tools.
No comments yet. Be the first to share your thoughts!
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
🚀 Quick Start • 📖 Documentation • 💻 Examples • 📖 Pricing • 💬 Discord • 🌐 Website
Don't ship bugs because flows are too hard to test. TestDriver helps engineering teams easily test, debug, and monitor E2E flows that are hard or impossible to cover with other tools like:
Third-Party Web Apps • Desktop Apps • VS Code Extensions • Chrome Extensions • AI Chatbots • OAuth Flows • PDF Content • Spelling & Grammar • File System & Uploads • OS Accessibility • Visual Content • <iframe> • <canvas> • <video>
// Click on the new text document
await testdriver.find("New text document").mouseDown();
// Drag the "New Text Document" icon to the "Recycle Bin"
await testdriver.find("Recycle Bin icon").mouseUp();
// Assert "New Text Document" icon is not on the Desktop
const result = await testdriver.assert(
'the "New Text Document" icon is not visible on the Desktop'
);
expect(result).toBeTruthy();
See Full Example • Browse All Examples
No credit card required!
npx testdriverai init
This will:
vitest run
Watch as TestDriver: