Daxiang Dogfood
Review
Audited by ClawScan on May 10, 2026.
Overview
This QA skill is purpose-aligned, but it needs review because it can immediately drive a browser through a full web app, including create/edit/delete tests, and saves login session state locally.
Before using this skill, make sure you are authorized to test the target app. Prefer staging environments and test accounts, set a narrow scope, and tell the agent not to perform destructive, paid, public, or irreversible actions without your approval. Treat the output directory as sensitive, especially auth-state.json, screenshots, videos, and reports.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. If used on a production site or real account, the agent could change or delete data while testing.
The skill instructs immediate full-app browser testing and explicitly includes create/edit/delete workflows, but the visible instructions do not require confirmation before actions that could mutate or delete real application data.
Evidence: If the user says something like "dogfood vercel.com", start immediately with defaults... Scope | Full app ... Try realistic end-to-end workflows (create, edit, delete flows).
Recommendation: Use this only on apps and accounts you are authorized to test, preferably staging or test accounts. Explicitly set scope and require confirmation before delete, purchase, send, publish, billing, or other irreversible actions.
2. Anyone who gets the saved auth-state file may be able to reuse the logged-in browser session.
The skill can use user-provided login credentials and OTPs and then save browser session state to a local file. This is expected for authenticated QA, but the saved state may contain reusable session tokens.
Evidence: agent-browser --session {SESSION} fill @e1 "{EMAIL}" ... fill @e2 "{PASSWORD}" ... For OTP/email codes: ask the user ... state save {OUTPUT_DIR}/auth-state.json
Recommendation: Use a test account when possible, keep the output directory private, and delete or exclude auth-state.json before sharing the report bundle.
3. The generated report and media files may expose private data visible during testing.
The skill deliberately records persistent QA evidence. That is purpose-aligned, but screenshots, videos, and repro steps can capture private application data and may later be shared.
Evidence: Produces a structured report with full reproduction evidence -- step-by-step screenshots, repro videos, and detailed repro steps for every issue
Recommendation: Review and redact screenshots, videos, and repro steps before sharing them outside the authorized team.
4. If the npx path were used, it could run package-managed code rather than only an already-installed local binary.
The tool permissions include npx invocation even though the instructions say not to use it. There is no evidence that it will be used automatically, but npx is a broader execution path than the skill appears to need.
Evidence: allowed-tools: Bash(agent-browser:*), Bash(npx agent-browser:*) ... Always use `agent-browser` directly -- never `npx agent-browser`.
Recommendation: Prefer removing the npx allowed-tool entry or requiring the direct agent-browser binary to be installed before use.
