Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Human Test
v1.6.1Call real humans to test your product (URL or app). Get structured usability feedback with screen recordings, NPS scores, and AI-aggregated findings.
⭐ 0· 421·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The stated purpose (running human usability tests and returning a report) is reasonable, but the SKILL.md instructs installing and running a third‑party package (humantest-app) and starting a persistent local server. The registry metadata lists no required env vars or credentials, yet the instructions explicitly rely on multiple AI provider API keys (ANTHROPIC_API_KEY, OPENAI_API_KEY, DEEPSEEK_API_KEY, GEMINI_API_KEY). That mismatch (undeclared env access and a full local app install) is disproportionate to a simple 'call testers and return a report' description and should be justified.
Instruction Scope
The SKILL.md instructs the agent to: curl a BASE_URL, or (if not available) run 'npm i -g humantest-app', init and start a local server which will auto-detect AI API keys from the environment, create a default admin user automatically, and serve endpoints that accept webhooks and repo URLs for automated code fixes. These instructions read and use environment variables not declared in the registry, create persistent services, and can POST reports to arbitrary webhook URLs — all of which go beyond the minimal scope of managing a single test task.
Install Mechanism
There is no formal install spec in the registry, yet the instructions instruct a global npm install ('npm i -g humantest-app') and then run binaries that build/start the app. Installing an unvetted global npm package from an unspecified source is high risk: the package could execute arbitrary code on the host, and the SKILL.md gives no provenance or checksum for the package. The absence of an explicit, trusted install specification reduces transparency.
Credentials
The skill's metadata declares no required environment variables, but the instructions say the app will auto-detect and use ANTHROPIC_API_KEY, OPENAI_API_KEY, DEEPSEEK_API_KEY, or GEMINI_API_KEY. Reading multiple unrelated LLM provider keys from the host environment is broad and not documented as required in the registry. Additionally, the service can post reports to arbitrary webhook URLs and may use repoUrl to generate code fixes (potentially interacting with GitHub) without declaring how credentials are provided — this raises the risk of accidental exposure or misuse of secrets.
Persistence & Privilege
The instructions create and start a persistent local service (default port 3000) and automatically create a default admin user with no registration step. Persisting a server and an admin account increases long‑term attack surface (exposed endpoints, default credentials) and is a capability beyond a typical ephemeral skill. While 'always: false' and autonomous invocation are normal, the creation of persistent infrastructure and default admin privileges is a notable privilege escalation relative to the registry declaration.
What to consider before installing
This skill is plausible but contains multiple red flags you should resolve before installing or running it:
- Do not blindly run the suggested 'npm i -g humantest-app' on a production machine. Verify the package's publisher and inspect its source (npm page / GitHub repo) first. Prefer running such installs in an isolated VM or container.
- The SKILL.md says the app will auto-detect LLM API keys from your environment (ANTHROPIC_API_KEY, OPENAI_API_KEY, DEEPSEEK_API_KEY, GEMINI_API_KEY). If you must run it, ensure you do not expose high‑privilege or production keys; consider creating limited-scope/test keys or running in an environment without sensitive credentials.
- The self-hosted flow auto-creates a default admin user with no registration. After starting the app, immediately change or disable default credentials, bind the service to localhost only (or firewall it), and require authentication.
- The service can POST reports to arbitrary webhook URLs and accept repoUrl for automated code fixes. Avoid supplying webhooks or repo URLs that grant access to sensitive systems (internal repos, CI, or secret-storing endpoints) until you fully trust the service and understand its auth model.
- If you prefer hosted mode (https://human-test.work), evaluate the service's privacy policy and data retention (screen recordings include audio/video of real people) before uploading sensitive product URLs. Verify who controls the hosted domain and how recordings/reports are stored and shared.
If you want to proceed safely, request the skill author to: publish an explicit install spec (with package provenance), declare required env vars in registry metadata, explain authentication flows for webhooks/GitHub, and document default admin credentials and how to secure or rotate them. If the author cannot provide those, run the tool only in a disposable, network-restricted sandbox and avoid exposing production secrets.Like a lobster shell, security has layers — review code before you run it.
latestvk9709k84e7rwvffkbc1nk306fn82hpjr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.