ui-test-agent

Security checks across malware telemetry and agentic risk

Overview

The skill matches its UI testing purpose, but its generated replay scripts and HTML reports do not safely escape recorded content, which can lead to unintended command or script execution when those outputs are used.

Install/use only with a trusted agent-browser runtime. Prefer staging sites and test accounts, review generated .sh/.bat files before running them, and do not share the HTML report unless screenshots and typed values have been checked and redacted.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
Medium
What this means

If a session, test name, description, or recorded value contains shell metacharacters, running the generated replay script could execute unintended local commands.

Why it was flagged

Step descriptions and recorded command strings are written directly into generated .sh/.bat replay scripts without shell escaping or validation that the command is limited to safe agent-browser usage.

Skill content
lines.append(f'echo "▶ Step {num}: {desc}"')
lines.append(cmd)
Recommendation

Review generated .sh/.bat files before running them. The skill should escape shell fields, store commands as structured arguments, and validate that replay commands are limited to expected agent-browser actions.

ASI05: Unexpected Code Execution
Medium
What this means

Opening a generated report from a crafted or poisoned session could run injected JavaScript in the browser or display misleading report content.

Why it was flagged

Recorded descriptions, commands, URLs, input values, errors, and other fields are interpolated into HTML without HTML/attribute escaping.

Skill content
<span style="font-weight:600;font-size:15px;color:#1e293b;flex:1">{desc}</span>
<pre style="background:#0f172a;color:#e2e8f0;padding:12px 16px;border-radius:6px; ...">{cmd}</pre>
Recommendation

Escape all HTML text and attributes before rendering, sanitize URLs, and treat session files as trusted input only.

ASI06: Memory and Context Poisoning
Low
What this means

Reports and session files can contain private page content, account data, or values typed during the test; sharing the HTML report shares that evidence too.

Why it was flagged

The workflow intentionally records screenshots for every step and embeds them into a persistent standalone HTML report.

Skill content
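A screenshot must be taken at every step ... screenshots are the report's primary evidence
Report features:
- 📸 Screenshots are embedded as Base64; a single HTML file with no external dependencies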
Recommendation

Use test accounts and non-sensitive data where possible, keep generated reports local, and redact or delete artifacts before sharing.

ASI02: Tool Misuse and Exploitation
Low
What this means

A failed earlier step could leave the browser on an unexpected page while later clicks or typing still occur.

Why it was flagged

The skill directs real browser clicks and typing and tells the agent to keep recording after failures. This is central to UI testing, but it can have side effects if used on production or destructive flows.

Skill content
agent-browser click --selector "#btn-login" ... agent-browser type --selector "#username" --value "admin"
After a failure, recording must still continue; do not interrupt the overall flow.
Recommendation

Run against staging/test environments, avoid destructive actions unless explicitly approved, and consider stopping on failure for high-impact workflows.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

The skill may use whatever agent-browser binary is already on the machine, so behavior depends on the local tool’s provenance and version.

Why it was flagged

The skill depends on an external agent-browser CLI, while the supplied metadata declares no required binaries or install mechanism.

Skill content
agent-browser <command> <arguments>
Recommendation

Verify that agent-browser is installed from a trusted source and is the expected version before using this skill.