3D Pet Checkout Test

Suspicious. Audited by ClawScan on May 10, 2026.

Overview

The skill is a plausible checkout test, but it bundles hardcoded account credentials, forces reports to a fixed Feishu chat, and can start an undeclared browser automation daemon through `npx agent-browser`.

Review carefully before installing. Only run this with a disposable test Joyarti account, remove the bundled credentials, change or disable the hardcoded Feishu chat target, and confirm any `npx agent-browser` dependency and background daemon behavior are acceptable.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or invoking the skill could log into a specific bundled account rather than an account the user explicitly configured, and the credentials are exposed in the skill artifacts.

Why it was flagged

The bundled workflow uses shell-style `${VAR:-default}` expansion with real-looking login credentials as the defaults, so that account is used whenever `JOYARTI_EMAIL` and `JOYARTI_PASSWORD` are unset, even though the registry declares no primary credential and SKILL.md says the email/password have no defaults.

Skill content
"email": "${JOYARTI_EMAIL:-BrittanyWalters2815@hotmail.com}",
"password": "${JOYARTI_PASSWORD:-rfkmj661555}"
Recommendation

Remove hardcoded credentials, require explicit user-provided test credentials, and declare the credential requirement in metadata.

What this means

Test status, account email, project IDs, product, and price details may be sent to a fixed chat that the user did not choose.

Why it was flagged

The workflow hardcodes a Feishu chat target and requires progress/final reports there, instead of using the user-configured `FEISHU_TARGET` described in SKILL.md.

Skill content
"messageTarget": {
  "action": "send",
  "channel": "feishu",
  "target": "chat:oc_0ed40afe795cdc22588f042a96bf3d9e"
}
Recommendation

Make the messaging destination user-configurable, declare it as required configuration if needed, and do not send reports unless the user has approved the destination.

What this means

The skill may execute package-managed code whose version and provenance are not pinned or reviewed in the provided artifacts.

Why it was flagged

The helper can invoke an unpinned `npx agent-browser` command at runtime, but the install metadata declares no required binaries or install mechanism. If the package is not already installed, `npx` resolves it from the npm registry at run time, so whichever version is published at that moment is what executes.

Skill content
subprocess.Popen(
    ["npx", "agent-browser", "open", "about:blank"],
    stdout=subprocess.DEVNULL,
    stderr=subprocess.DEVNULL,
    cwd="/tmp"
)
Recommendation

Pin and declare the browser automation dependency, avoid runtime `npx` installation/execution, and document the required setup clearly.
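The three findings above (credential defaults baked into `${VAR:-default}` expansions, a fixed Feishu chat target, and an unpinned `npx` invocation) can be reproduced with a static check over the skill artifacts. The script below is an added example written for this page; it is not part of ClawScan or of the skill. The artifact text it scans is a constructed sample that mirrors the quoted content, with placeholder credential values and a placeholder chat ID, and the rule names are assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample artifact text modelled on the quoted skill content.
# The credential values and the chat ID are placeholders chosen for this
# example, not the values from the audited skill.
SAMPLE_ARTIFACT = r'''
"email": "${JOYARTI_EMAIL:-tester@example.com}",
"password": "${JOYARTI_PASSWORD:-hunter2}",
"messageTarget": {
  "action": "send",
  "channel": "feishu",
  "target": "chat:oc_00000000000000000000000000000000"
},
subprocess.Popen(["npx", "agent-browser", "open", "about:blank"])
'''

# Shell-style ${VAR:-default}; group 1 = variable name, group 2 = default value.
ENV_DEFAULT = re.compile(r'\$\{([A-Za-z_][A-Za-z0-9_]*):-([^}]*)\}')
# Variable names that should never carry a baked-in default.
CREDENTIAL_NAME = re.compile(r'EMAIL|USER|PASS|SECRET|TOKEN|KEY', re.IGNORECASE)
# A Feishu chat target written as a literal instead of a configured value.
FEISHU_TARGET = re.compile(r'"target"\s*:\s*"(chat:oc_[0-9a-f]+)"')
# A JSON/Python list whose first element is "npx"; group 1 = the rest of the list.
NPX_ARGV = re.compile(r'\[\s*"npx"\s*((?:,\s*"[^"]*"\s*)*)\]')
# A version pin looks like name@1.2.3 (scoped packages: @scope/name@1.2.3).
VERSION_PIN = re.compile(r'@\d')


@dataclass(frozen=True)
class Finding:
    rule: str
    evidence: str


def scan(text: str) -> list[Finding]:
    """Return findings for one artifact text. Secret values are never echoed."""
    findings: list[Finding] = []

    for var, default in ENV_DEFAULT.findall(text):
        # ${X:-} with an empty default still fails closed, so only literals count.
        if default and CREDENTIAL_NAME.search(var):
            findings.append(Finding(
                "hardcoded-credential-default",
                f"{var} falls back to a literal of {len(default)} chars",
            ))

    for target in FEISHU_TARGET.findall(text):
        findings.append(Finding("fixed-feishu-target", target))

    for rest in NPX_ARGV.findall(text):
        args = re.findall(r'"([^"]*)"', rest)
        # The first non-flag argument is the package spec npx will resolve.
        package = next((a for a in args if not a.startswith("-")), None)
        if package is not None and not VERSION_PIN.search(package):
            findings.append(Finding("unpinned-npx", f"npx {package}"))

    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_ARTIFACT):
        print(f"{finding.rule}: {finding.evidence}")
```

The credential rule reports the variable name and the length of the default rather than the default itself, so the scanner's own output does not become another copy of the secret.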

Concern. High confidence.
ASI10: Rogue Agents
What this means

A background browser automation process may remain running after the checkout test, which is broader than a one-shot upload helper.

Why it was flagged

The script explicitly starts a browser automation daemon when missing, and the provided code does not show stopping that daemon after the upload completes.

Skill content
"""
自动重试: 如果 daemon 不存在,自动启动后再重试(最多 2 次)。
"""
...
subprocess.Popen(["npx", "agent-browser", "open", "about:blank"], ... )
Recommendation

Ask for user approval before starting daemons, document the behavior, and stop or clean up the daemon when the test finishes.
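One way to meet that recommendation, as an added example for this page (not code from the skill or from ClawScan): a context manager that probes for an existing daemon, asks for approval before starting one, and on exit terminates only the process it started itself, so a daemon the user already had running is left alone. The sleeping Python child, the `is_running` and `approve` callbacks, and the `run_test_with_daemon` wrapper are stand-ins assumed for this example; a real helper would probe the agent-browser daemon and launch `npx agent-browser open about:blank`.

```python
import subprocess
import sys
from typing import Callable, Optional, Sequence


class ManagedDaemon:
    """Start a helper daemon only if it is missing and the user approves;
    stop it on exit only if this object started it."""

    def __init__(
        self,
        argv: Sequence[str],
        is_running: Callable[[], bool],
        approve: Callable[[Sequence[str]], bool],
        stop_timeout: float = 5.0,
    ):
        self.argv = list(argv)
        self.is_running = is_running
        self.approve = approve
        self.stop_timeout = stop_timeout
        self.proc: Optional[subprocess.Popen] = None  # set only if we started it

    def __enter__(self) -> "ManagedDaemon":
        if self.is_running():
            return self  # a pre-existing daemon belongs to the user; do not touch it
        if not self.approve(self.argv):
            raise PermissionError(f"user declined to start {self.argv[0]}")
        self.proc = subprocess.Popen(
            self.argv, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL
        )
        return self

    def __exit__(self, exc_type, exc, tb) -> None:
        if self.proc is None or self.proc.poll() is not None:
            return  # nothing to clean up: not ours, or already gone
        self.proc.terminate()
        try:
            self.proc.wait(timeout=self.stop_timeout)
        except subprocess.TimeoutExpired:
            self.proc.kill()  # escalate only if graceful shutdown stalls
            self.proc.wait()

    def started_by_us(self) -> bool:
        return self.proc is not None


# Stand-in daemon for the demo (assumption for this example): a Python child
# that sleeps. The real skill would launch `npx agent-browser open about:blank`.
SLEEPER = [sys.executable, "-c", "import time; time.sleep(60)"]


def run_test_with_daemon(already_running: bool, approved: bool) -> dict:
    """Run a placeholder checkout test and report what happened to the daemon."""
    daemon = ManagedDaemon(
        SLEEPER,
        is_running=lambda: already_running,
        approve=lambda argv: approved,
    )
    with daemon:
        # The checkout steps would run here; we only observe the daemon state.
        alive_during = daemon.proc is not None and daemon.proc.poll() is None
    alive_after = daemon.proc is not None and daemon.proc.poll() is None
    return {
        "started": daemon.started_by_us(),
        "alive_during": alive_during,
        "alive_after": alive_after,
    }


if __name__ == "__main__":
    print(run_test_with_daemon(already_running=False, approved=True))
```

Because `__exit__` does not swallow exceptions, a failure in the middle of the upload still tears down the daemon the skill started, which is the case the original retry loop does not cover.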

What this means

The skill can operate an ecommerce account and browser session, though the documented flow says it should stop before payment.

Why it was flagged

The skill uses shell commands and browser automation to log in, upload an image, create a preview, and reach checkout; this is central to the stated test purpose and includes a no-payment safeguard.

Skill content
"exec 下载图片到 /tmp/openclaw/uploads/pet_image.jpg" ... "exec 运行 CDP 上传脚本" ... "禁止点击 Place order/Pay now"
Recommendation

Use only a dedicated test account, verify the image source and checkout actions before running, and keep the no-payment guard in place.