E2E Automation Engineer: End-to-End Flow Testing

Pass

Audited by VirusTotal on May 8, 2026.

Overview

Type: OpenClaw Skill
Name: e2e-flow-test
Version: 1.1.0

The skill bundle is designed for E2E automation testing using Playwright and a local PHP-based runner (`php bin/w e2e:run`). The instructions in SKILL.md are consistent with standard testing workflows, including environment cleanup and reporting, with no evidence of malicious intent, data exfiltration, or harmful prompt injection.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run browser tests or framework commands that consume resources and can affect local test state.

Why it was flagged

The skill directs the agent to run a local repository E2E test command. This is central to the stated testing purpose, but it still means the agent may execute local test workflows.

Skill content

Use `php bin/w e2e:run` for repository-supported browser testing.

Recommendation

Use a test or disposable environment, confirm the intended test scope, and avoid pointing the workflow at production services unless explicitly intended.

What this means

If real credentials are supplied, the agent may observe or use them while driving browser flows.

Why it was flagged

The skill may require login details or account/session prerequisites for realistic browser testing. This is expected for E2E validation, but it involves delegated account access.

Skill content

Any login, seed data, or runtime prerequisites.

Recommendation

Provide only least-privilege test accounts and non-production seed data whenever possible.

What this means

The agent may rely on project instructions that have not been reviewed here.

Why it was flagged

The skill references additional local project documents and skills that were not included in the reviewed artifact set. This is common for project-specific skills, but it means some behavior-shaping guidance is outside this review.

Skill content

Source Material
- `AI-ENTRY.md`
- `CLAUDE.md`
- `dev/ai/skills/testing/SKILL.md`

Recommendation

Review the referenced project guidance files before relying on the skill in a sensitive repository.

What this means

Failure details, environment notes, or prerequisite information could be shared in a team or agent-collaboration context.

Why it was flagged

The skill instructs the agent to notify a named role when issues occur. This appears collaboration-oriented, but the reviewed artifact does not define the notification channel or data boundaries.

Skill content

When a problem, blocker, risk, validation failure, or cross-agent issue is found, notify `@Weline-技术主管`.

Recommendation

Clarify where notifications go and avoid including secrets, tokens, or sensitive test data in collaboration updates.