微信小程序自动化测试
v1.0.0WeChat Mini Program automation testing toolkit. Supports launching DevTools, page navigation, element interaction, screenshots, console log reading, and more...
⭐ 1· 82·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill implements WeChat DevTools automation (launching DevTools, navigation, clicks, screenshots, console reading) and the included Python modules align with that purpose. However, the package metadata lists no required binaries or credentials while the code clearly relies on Node.js, npm, the global npm package 'miniprogram-automator', and the WeChat DevTools CLI. That omission is a transparency/information gap but not necessarily malicious.
Instruction Scope
SKILL.md and the scripts restrict actions to DevTools automation: generating temporary Node.js scripts, connecting to a local WebSocket service port (default ws://localhost:9420), driving pages, taking screenshots, and reading console/log data. The ConsoleReader also attempts to locate DevTools log files under user profile directories (AppData/Library paths) which is relevant to console log reading but is the only part that touches user filesystem outside a project directory.
Install Mechanism
There is no install spec (instruction-only skill + shipped scripts). That reduces install-surface risk. The runtime does create temporary JS files and runs them with 'node' and attempts to set NODE_PATH using 'npm root -g' (shell=True). Those are expected for this tooling but mean the environment must trust the npm package 'miniprogram-automator' and have Node/npm available.
Credentials
The skill requests no environment variables or credentials (correct). Still, it reads DevTools log files from standard user profile locations and prints/exports systemInfo/getCurrentPages data collected via the automator script; such data can include device/system details. No external network endpoints are contacted except the local WebSocket to DevTools. Overall the requested access is proportionate to automation/testing, but users should note the log-file access and local system info collection.
Persistence & Privilege
The skill does not request persistent/always-on privileges and does not modify other skills or system-wide agent settings. It writes temporary scripts to the system temp directory during execution and removes them afterward (normal behavior for this approach).
Assessment
This skill appears to do what it says: drive WeChat DevTools and run automated tests by generating and executing temporary Node.js scripts that use the 'miniprogram-automator' package and the DevTools CLI. Before installing or running it: 1) Ensure you have Node.js, npm, and WeChat DevTools installed and understand that the skill will call the DevTools CLI and open a local automation WebSocket (default ws://localhost:9420). 2) The skill will create temporary .js files in the system temp dir and execute them with node; review the shipped Python/JS source (included) and only run if you trust the code and the npm package 'miniprogram-automator'. 3) The ConsoleReader scans common DevTools log locations under your user profile — expect reading of log files and collection of systemInfo/getCurrentPages data; avoid running in environments with sensitive logs you don't want read. 4) Run first in an isolated/non-privileged account or container if you are unsure, and verify npm package provenance (use a known npm registry and inspect package version).Like a lobster shell, security has layers — review code before you run it.
latestvk97agj0nvafsqs3gj811yc9c8583ebby
License
MIT-0
Free to use, modify, and redistribute. No attribution required.