Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Flexible Web Tester
v1.0.2智能 Web UI 测试工作台,支持 MCP 直接驱动和 Python 脚本驱动双模式,三种测试模式,强制人工确认,安全可控。
⭐ 0· 126·0 current·0 all-time
byAllen@millerallen98
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the instructions: a Web UI test tool legitimately needs file-system access (read/write test cases and reports), a CLI to run Python scripts, and browser control (Playwright). Asking the agent to check for those MCP capabilities is coherent with the stated purpose.
Instruction Scope
Pre-flight requires the agent to 'list or read a known existing local file' but does not specify which file or restrict the path — this ambiguity could lead to reading arbitrary user files. The skill mandates writing generated test scripts and reports to disk and explicitly instructs saving Python scripts (which may include credentials). It does enforce a manual confirmation step before executing tests, which reduces risk, but the unspecified preflight file reads and automatic disk writes are concerning.
Install Mechanism
No install spec and no code files are provided, so nothing is downloaded or installed by the skill itself. That lowers the risk of arbitrary code being fetched at install time.
Credentials
The skill does not request platform credentials up front, which is good, but it supports an 'automatic filling' login mode that will embed user-supplied usernames/passwords into generated scripts which the skill then writes to disk. Persisting sensitive credentials in plaintext test scripts/reports is disproportionate unless the user is explicitly warned and given safe storage options. The preflight's unspecified file-read could also access unrelated local data.
Persistence & Privilege
always:false and no requests to change other skills or system-wide configs. The skill does instruct the user how to configure MCP entries in ~/.openclaw/openclaw.json, but it doesn't claim to alter other skills or require permanent elevated privileges.
What to consider before installing
This skill appears to do what it says (Web UI testing) but has two practical risks you should consider before installing or using it:
- Clarify the preflight file-read: ask (or inspect) which exact file/path the agent will read during the environment check. If unspecified, it could probe arbitrary files — decline or sandbox the skill until that is fixed.
- Avoid providing real credentials for 'automatic filling'. If you must use auto-fill, be aware the generated Python script and reports are saved to disk and may contain credentials in plain text; inspect and securely delete or encrypt those files after use. Prefer 'manual intervention' login mode if you want to avoid storing secrets.
Additional precautions:
- Run the skill in a controlled/sandboxed workspace (an empty directory) so the File System MCP only has access to intended paths.
- Review any generated {YYYYMMDD}_测试脚本.py before giving the final '确认' to execute it.
- If you need to configure MCP servers, make the changes yourself and avoid copying sensitive tokens into global config files.
If the author can update SKILL.md to (1) specify exact safe preflight file(s) or use a synthetic/local only probe, and (2) warn clearly about credential persistence or add an option to avoid embedding secrets in saved files, this would reduce the concerns and raise confidence.Like a lobster shell, security has layers — review code before you run it.
latestvk97c23jeq5hyg1tz0hpe73tpnd835n12playwrightvk971yjz28bn33ndxanstjgnbv1835psatestingvk971yjz28bn33ndxanstjgnbv1835psaweb-uivk971yjz28bn33ndxanstjgnbv1835psa
License
MIT-0
Free to use, modify, and redistribute. No attribution required.