ClawHub

广州日报/融媒云通用测试助手

v1.0.0

广州日报/融媒云通用测试助手。专为广州日报报业集团及广州市区融媒云平台的测试工作设计。 覆盖场景: (1) 广州市区融媒云平台后台管理系统(CMS/采编/运营后台)功能测试 (2) 广州融媒云APP(Android/iOS/HarmonyOS)功能、性能、兼容性测试 (3) 广州日报新花城APP(Android/...

0· 67·0 current·0 all-time
byzaimingwang@freeeye
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (platform/App/H5/API testing) match the included reference docs and three scripts (generate_cases.py, api_test.py, check_url.py). Required env/config/credentials are none, which aligns with a general testing helper that accepts target URLs/tokens at runtime.
Instruction Scope
SKILL.md instructs the agent to generate cases, run API tests, check URLs, and produce reports — exactly what the bundled scripts implement. The api_test tool explicitly includes security tests (SQLi/XSS) and a performance test that issues many requests; this is expected for a QA tool but could be destructive if pointed at production systems. The skill documentation does state to avoid write operations against production, which mitigates but does not eliminate operational risk.
Install Mechanism
There is no registry install spec (instruction-only), but both runtime scripts auto-install the 'requests' package via subprocess pip install if missing. That means the skill may modify the Python environment and requires outbound network access during the first run — expected but worth noting.
Credentials
The skill declares no required environment variables or credentials. The scripts accept tokens/headers as CLI args for authenticated API tests; this is proportionate to the stated purpose. There are no requests for unrelated secrets or config paths.
Persistence & Privilege
Skill is not always-enabled and does not declare elevated persistence. It does not modify other skills' configuration. Runtime behavior is limited to running the included scripts and network calls to targets provided by the user.
Assessment
This skill appears coherent for QA/testing of the Guangzhou media platforms. Before installing/using it: 1) Run it in a sandbox or isolated environment because the scripts will perform arbitrary HTTP requests and may auto-install the 'requests' package via pip. 2) Do not point the security or performance tests at production systems — the api_test tool includes SQLi/XSS and load tests that can be disruptive. 3) If you plan to supply authentication tokens, treat them as sensitive: pass them only to intended test environments and avoid storing them in shared locations. 4) Review the preset target URLs and change them if you don't want tests to probe those hosts. 5) If you have stricter change controls, consider extracting the three scripts and running them under your own supervision rather than allowing the agent to invoke them autonomously.

Like a lobster shell, security has layers — review code before you run it.

api-testvk97fcg15kazs7m4hev6pa4pkw58413jaapp-testvk97fcg15kazs7m4hev6pa4pkw58413jaguangzhouvk97fcg15kazs7m4hev6pa4pkw58413jah5-testvk97fcg15kazs7m4hev6pa4pkw58413jalatestvk97fcg15kazs7m4hev6pa4pkw58413jamediavk97fcg15kazs7m4hev6pa4pkw58413jatestingvk97fcg15kazs7m4hev6pa4pkw58413ja

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments