Billy — Mission Control Visual QA
Pass
Audited by ClawScan on May 10, 2026.
Overview
The skill appears to do what it claims, but users should notice that it runs code over SSH on a specific host and saves screenshots that may contain sensitive page data.
This looks like a coherent visual QA helper, not a malicious skill. Before installing or running it, confirm you are authorized to SSH to the configured SAPCONET host, verify the remote Puppeteer/Chromium setup, supply only trusted Mission Control URLs, and manage the saved screenshots because they may contain sensitive content.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill executes commands on the configured remote SSH account and writes files there.
The skill intentionally uses SSH/SCP and remote shell execution to copy and run the QA script. This is disclosed and purpose-aligned, but it is a powerful operation and the configurable remote path values should be treated as trusted inputs.
ssh "${SSH_TARGET}" "mkdir -p ${REMOTE_RUN_DIR} ${OUTPUT_DIR}"
scp "${LOCAL_SCRIPT_DIR}/${SCRIPT_NAME}" "${SSH_TARGET}:${REMOTE_RUN_DIR}/${SCRIPT_NAME}"
ssh "${SSH_TARGET}" "cd ${REMOTE_RUN_DIR} && OUTPUT_DIR='${OUTPUT_DIR}' node ./${SCRIPT_NAME} ${quoted_args[*]}"
Use it only with an SSH target and directory values you trust, and review the exact URLs and environment variables before running.
The skill may use your existing SSH configuration or agent credentials to access the SAPCONET host.
The skill depends on SSH access to a named remote account/host, but the registry metadata does not declare a primary credential. The access is disclosed and central to the purpose, so this is a notice rather than a concern.
via SSH (Neill machine `100.110.24.44`)
Optional env vars:
- `SSH_TARGET` (default: `neill@100.110.24.44`)
Install or run it only if you are authorized to use that SSH account and understand which key/account your SSH client will use.
The skill may fail or use whatever Puppeteer/Chromium installation already exists on the remote host.
The runnable script requires Puppeteer and Chromium on the remote host, while the registry says there are no required binaries or install spec. This is an under-declared dependency/provenance issue, not evidence of malicious behavior.
puppeteer = require('puppeteer');
...
console.error('Missing dependency: puppeteer. Install on SAPCONET host.');
...
executablePath: process.env.CHROMIUM_PATH || '/usr/bin/chromium'
Verify the remote Node, Puppeteer, and Chromium installations are trusted and compatible before running the skill.
A malicious page loaded through the remote browser could have a higher impact on the SAPCONET host than it would in a sandboxed browser.
Launching Chromium is expected for visual QA, but disabling the browser sandbox reduces isolation if an untrusted or compromised page is loaded.
const browser = await puppeteer.launch({
  headless: true,
  executablePath: process.env.CHROMIUM_PATH || '/usr/bin/chromium',
  args: ['--no-sandbox', '--disable-setuid-sandbox'],
});
Use this only for trusted, authorized Mission Control pages, and consider enabling browser sandboxing if the remote environment supports it.
Screenshots or page metadata could remain on the SAPCONET host after the QA run and may expose information visible in the browser.
The skill stores screenshots and DOM-derived summaries in a persistent workspace directory. These outputs may capture sensitive UI content from Mission Control pages.
Default output path is `~/.openclaw/workspace/output/visual-qa/` on SAPCONET.
...
On SAPCONET host, each URL produces:
- `*.png` screenshot
- basic DOM result
Review and clean the output directory when needed, and avoid running against pages that display secrets or private data unless storage there is acceptable.
