3D Pet Checkout Test
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: 3d-pet-checkout-test
Version: 1.0.0
The skill bundle is designed for automated QA testing of a specific e-commerce site (joyarti.com). It is classified as suspicious due to the inclusion of hardcoded plaintext credentials in workflow-3d-pet.json and the use of high-risk execution patterns, specifically the cdp_upload.py script, which uses npx to execute potentially remote code and interacts directly with the browser via WebSockets/CDP. While these behaviors appear aligned with the stated automation goals, the combination of hardcoded secrets and raw CDP manipulation represents a significant security risk and a potential vector for unauthorized browser control.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or invoking the skill could log into a specific bundled account rather than an account the user explicitly configured, and the credentials are exposed in the skill artifacts.
The bundled workflow contains real-looking default login credentials even though the registry declares no primary credential and SKILL.md says the email/password have no defaults.
"email": "${JOYARTI_EMAIL:-BrittanyWalters2815@hotmail.com}",
"password": "${JOYARTI_PASSWORD:-rfkmj661555}"
Remove hardcoded credentials, require explicit user-provided test credentials, and declare the credential requirement in metadata.
Test status, account email, project IDs, product, and price details may be sent to a fixed chat that the user did not choose.
The workflow hardcodes a Feishu chat target and requires progress/final reports there, instead of using the user-configured `FEISHU_TARGET` described in SKILL.md.
"messageTarget": {
    "action": "send",
    "channel": "feishu",
    "target": "chat:oc_0ed40afe795cdc22588f042a96bf3d9e"
}
Make the messaging destination user-configurable, declare it as required configuration if needed, and do not send reports unless the user has approved the destination.
The skill may execute package-managed code whose version and provenance are not pinned or reviewed in the provided artifacts.
The helper can invoke an unpinned `npx agent-browser` command at runtime, but the install metadata declares no required binaries or install mechanism.
subprocess.Popen(
    ["npx", "agent-browser", "open", "about:blank"],
    stdout=subprocess.DEVNULL,
    stderr=subprocess.DEVNULL,
    cwd="/tmp"
)
Pin and declare the browser automation dependency, avoid runtime `npx` installation/execution, and document the required setup clearly.
A background browser automation process may remain running after the checkout test, which is broader than a one-shot upload helper.
The script explicitly starts a browser automation daemon when missing, and the provided code does not show stopping that daemon after the upload completes.
"""Auto retry: if the daemon is missing, start it automatically and then retry (at most 2 times)."""
...
subprocess.Popen(["npx", "agent-browser", "open", "about:blank"], ...)
Ask for user approval before starting daemons, document the behavior, and stop or clean up the daemon when the test finishes.
The skill can operate an ecommerce account and browser session, though the documented flow says it should stop before payment.
The skill uses shell commands and browser automation to log in, upload an image, create a preview, and reach checkout; this is central to the stated test purpose and includes a no-payment safeguard.
"exec 下载图片到 /tmp/openclaw/uploads/pet_image.jpg"
...
"exec 运行 CDP 上传脚本"
...
"禁止点击 Place order/Pay now"
Use only a dedicated test account, verify the image source and checkout actions before running, and keep the no-payment guard in place.
