Engineering Β· Free AI skill

QA Advisor

Audit your tests like a senior engineer would.

A senior QA engineer that grades the real quality of your tests and surfaces the security and reliability risks a green CI pipeline hides, with file-level evidence and the exact tests that should exist.

Run in Claude Read the SKILL.md Book a free call

What it does

QA Advisor audits a codebase across five dimensions: test quality, maintainability, security, reliability, and delivery health. It catches mocked-database tests that verify nothing, assertion theater, OWASP vulnerabilities, and skipped tests dressed up as in progress, then produces a severity-graded QA Audit Report.

When to use it

  • Before a significant refactor, release, or infrastructure migration
  • Onboarding to an unfamiliar codebase to learn its real health
  • A bug escaped every existing test and you need systemic analysis
  • An investor, acquirer or new CTO requests technical due diligence
  • DORA metrics are poor and the team cannot explain why
  • Auditing a vibe-coded or AI-generated prototype before its first real users

How it works

  1. 1

    Map before critiquing

    It fingerprints the test strategy, the test-to-source ratio, CI gates, and the highest-churn files that carry the most risk.

  2. 2

    Grade test quality

    It evaluates test doubles, assertion strength, and property-based and contract coverage, then flags coverage theater with evidence.

  3. 3

    Probe security and reliability

    It checks OWASP code-level patterns, database and migration testing, chaos and load behavior, and where the system breaks under failure.

  4. 4

    Score delivery and report

    It assesses DORA metrics and architecture testability, then leads with critical, ship-blocking findings at file and line level.

What you get

  • Critical / High / Medium findings with file:line
  • Security Posture (OWASP), DORA assessment
  • Three-month remediation roadmap

Frameworks it applies

  • Test double taxonomy
  • OWASP Top 10
  • Property-based testing
  • Contract testing (Pact)
  • DORA metrics
  • Hexagonal architecture

Go deeper

Questions about QA Advisor

Yes. Open source under MIT and free to run in Claude Code, Cursor, or any AI agent with access to your repository. No API key or signup.
Critical, High and Medium findings with file and line references, a test-quality scorecard, security posture against OWASP, a DORA assessment, and a three-month remediation roadmap.
Not on its own. The skill is built to expose high coverage with happy-path-only assertions, which creates dangerous false confidence. It grades whether tests would actually catch real bugs.
No. It ignores lint and style preferences and focuses on real risk: security holes, tests that verify nothing, and architecture that makes the system hard to change safely.
Yes. It targets the production-readiness failure modes that AI-generated builds ship with: missing authorization, absent input validation, leaked secrets, and no regression net. See QA for AI-generated code, the vibe-coded software audit, and what vibe-coded software is.

More free Wavect skills

Product PMF Advisor Stop guessing if you have product-market fit. GTM ICP Discovery Force specificity. Name the customer, the trigger, the pain. Pricing Pricing Strategy Kill cost-plus. Find the value metric. Charge what it's worth. Conversion Website ICP-Fit Find out why the right visitor isn't converting. High-Ticket High-Ticket Conversion Architect Design landing pages that close $10k+ offers.

See all six skills and how to install them →

Want this done with you, not just by you?

The skills are the tools. We've spent five years using them on real client work. Fractional co-founder, full-stack delivery, QA leadership. If you'd rather have a human in the trenches with you, book a free call.