ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Billy — Mission Control Visual QA

v0.1.3

Run Mission Control visual QA on SAPCONET over SSH using Puppeteer screenshots and basic DOM checks.

0· 372·0 current·0 all-time
by@highlander89·duplicate of @highlander89/mission-control-visual-qa
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (visual QA on Mission Control via SSH) matches the provided artifacts: a Puppeteer Node script (scripts/mission-control-visual-qa.js) and an SSH/SCP helper (scripts/run-mission-control-visual-qa.sh). No unrelated binaries, credentials, or config paths are requested. The default SSH target (neill@100.110.24.44) is hard-coded as a sensible default for this use case and aligns with the description.
Instruction Scope
The SKILL.md and scripts limit actions to copying the Node script to the remote host, launching Chromium via Puppeteer to load supplied URLs, performing simple DOM checks (title, presence of main & h1, body text length), taking screenshots, and printing a JSON summary. The script does not submit forms or click controls. Note: the Node script collects page title (string) and the numeric bodyTextLength but does NOT transmit full page body text; screenshots remain on the remote OUTPUT_DIR and are not automatically copied back. Also, the helper script expands paths (including ~) locally when building the remote mkdir command, which can cause unexpected absolute paths on the remote host—this is an operational bug rather than malicious behavior.
Install Mechanism
No install spec is provided (instruction-only + code files), so nothing is automatically downloaded or written by the platform. The Node script requires the 'puppeteer' package and a Chromium binary on the remote host; the script will error and exit if puppeteer is not installed. This is expected but requires manual setup on the SAPCONET host.
Credentials
No required environment variables or credentials are declared. Optional env vars (SSH_TARGET, REMOTE_RUN_DIR, OUTPUT_DIR, CHROMIUM_PATH) are directly relevant to remote execution and are proportionate to the task. There are no requests for unrelated secrets or system credentials.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or agent-wide configuration. It only copies its own script to the remote host and writes output under the specified OUTPUT_DIR on that host. No elevated persistence or hidden backdoors are present.
Assessment
This appears coherent for running remote visual QA, but check a few operational points before installing: 1) Confirm and trust the SSH_TARGET (100.110.24.44) and that you are authorized to run checks there. 2) Ensure puppeteer and a compatible Chromium/Chrome are installed on the remote host (the script will exit if puppeteer is missing). 3) Be aware screenshots are stored on the remote OUTPUT_DIR and are not automatically copied back; if you need the images locally, retrieve them explicitly. 4) The helper script expands ~ and other paths locally when building remote mkdir commands; to avoid creating unexpected absolute paths on the remote host, explicitly set REMOTE_RUN_DIR and OUTPUT_DIR to absolute paths appropriate for the remote user. 5) Because the tool loads pages you supply, avoid pointing it at any pages you are not permitted to inspect—page titles and metadata will be printed and could reveal sensitive information. If you want tighter safety, review/update the helper script to preserve remote-side tilde expansion (quote remote commands) and confirm argument escaping in your environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk972md8r3z1qc7mgvqygm1264n81y9vv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

mission-control-visual-qa

Author: Billy (SAPCONET)

Purpose

Run visual QA (screenshots + basic DOM checks) for Mission Control pages on SAPCONET via SSH (Neill machine 100.110.24.44).

What this skill includes

  • scripts/mission-control-visual-qa.js: Puppeteer-based remote runner (intended to run on SAPCONET).
  • scripts/run-mission-control-visual-qa.sh: Local helper that copies and runs the Node script over scp + ssh.

Safety rules

  • Only target Mission Control pages you are authorized to inspect.
  • Default output path is ~/.openclaw/workspace/output/visual-qa/ on SAPCONET.
  • No external network activity is performed by scripts other than SSH/SCP to SAPCONET and page loads for supplied URLs.
  • Script is read-only and does not submit forms or click destructive controls.

Usage

From local machine:

bash scripts/run-mission-control-visual-qa.sh \
  "https://mission-control.example.local/dashboard" \
  "https://mission-control.example.local/status"

Optional env vars:

  • SSH_TARGET (default: neill@100.110.24.44)
  • REMOTE_RUN_DIR (default: ~/.openclaw/workspace/mission-control-visual-qa-runner)
  • OUTPUT_DIR (default: ~/.openclaw/workspace/output/visual-qa/)

Expected output

On SAPCONET host, each URL produces:

  • *.png screenshot
  • basic DOM result (title + presence of main, h1, and body text)
  • final JSON summary printed to stdout

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…