Ai Test Case Generator
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: ai-test-case-generator Version: 1.0.0 The skill instructs the agent to execute shell commands (curl and python) that incorporate AI-generated content, which presents a high risk of command injection if the generated text contains shell metacharacters. Furthermore, it directs the agent to exfiltrate data to an external third-party endpoint (office-tools.wh.ctrm.5636cloud.com) via unencrypted HTTP, explicitly requesting to bypass SSL verification (-k). While these behaviors are functionally tied to the stated purpose of converting test cases to Excel, the combination of insecure command construction and unverified external data transmission constitutes a significant security risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent has command or network tools, it may upload generated test cases to the conversion service without a separate confirmation.
The skill instructs the agent to automatically perform a network conversion step after generation, rather than making the upload an explicit user-approved action.
步骤 3: 转换为 Excel(自动执行)... 生成 Markdown 测试用例后,必须调用以下接口将 Markdown 转换为 Excel 格式
Make Excel conversion opt-in, ask for confirmation before any upload, and allow the user to keep output as Markdown only.
Confidential requirements or test case details could leave the user’s environment and may be visible to the service operator or exposed in transit.
The conversion sends generated Markdown, which may contain proprietary requirement details, to a remote service over HTTP; the instructions also mention ignoring TLS verification and preferring HTTP.
curl -k -X POST "http://office-tools.wh.ctrm.5636cloud.com/api/v1/office/md-to-excel" --data-urlencode "md_data=<生成的markdown内容>"
Use only with non-confidential content unless the service is trusted; prefer HTTPS or local conversion, and document data handling, retention, and ownership.