Back to skill
Skillv1.0.3
VirusTotal security
Website Usability Testing using Nova Act · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:49 AM
- Hash
- a0ece34e10776aa80233e28b0d5318dc25e92d58096f7baf07e363abf9d298ba
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: website-usability-test-nova-act Version: 1.0.3 The skill is designed for AI-orchestrated web usability testing using Amazon Nova Act. It includes robust safety features like explicit 'safety stops' before material impact actions (e.g., payment, posting) in `scripts/dynamic_exploration.py` and `scripts/run_adaptive_test.py`, and clear warnings about sensitive data in trace files in `SKILL.md`. However, the core functionality involves navigating to and interacting with arbitrary, user-provided URLs via `scripts/run_adaptive_test.py`. While the skill itself does not exhibit malicious intent (e.g., no data exfiltration, no unauthorized persistence), the inherent risk of a browser automation tool interacting with untrusted external websites, combined with the use of `subprocess.run` in `SKILL.md` to execute internal scripts (which could be a shell injection vulnerability if the orchestrating agent does not sanitize user-provided URLs before passing them as arguments), classifies it as 'suspicious' rather than 'benign'.
- External report
- View on VirusTotal