Flexible Web Tester

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This web testing skill is purpose-aligned, but it asks for broad browser, terminal, filesystem, and login access with unclear safeguards for credentials and real website actions.

Install only if you are comfortable granting the agent browser automation, terminal execution, and filesystem access. Use staging sites and disposable test accounts, avoid entering real passwords when possible, inspect generated scripts before confirming execution, and pin the Playwright MCP package instead of using @latest.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

The agent may touch local files and use terminal/browser tools before the user reviews a test plan, and later may click through a real site in ways that could change account or application state.

Why it was flagged

The skill mandates automatic filesystem, terminal, and browser capability checks before collecting parameters, then supports broad autonomous clicking against a user-supplied site. The local file path and web action boundaries are not clearly scoped.

Skill content
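When the user launches this skill, you must immediately perform the following implicit environment checks: ... attempt to list or read a local file that is known to exist ... run `echo "test"` or `python3 --version` ... Free exploration: no test cases required; given a URL, roam and click autonomously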
Recommendation

Run only in a scoped test workspace, use staging or test accounts, and require explicit limits such as no purchases, deletes, posts, or settings changes unless separately approved.

ASI03: Identity and Privilege Abuse
Medium
What this means

A real username and password could be stored in plaintext in a generated .md or .py file, making it visible to anyone with access to that working directory.

Why it was flagged

The skill asks users to provide login credentials and also requires saving generated test cases or Python scripts locally. It does not instruct the agent to redact credentials, use environment variables, or avoid writing passwords into generated files.

Skill content
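[L2] Auto-fill: provide a username and password, and I will complete the login flow automatically ... Example reply: `... username test@example.com password 123456` ... Mandatory write to disk 1 (must be performed): call the File System MCP to save the plan locally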
Recommendation

Prefer manual login or disposable test credentials. If automatic login is needed, require secrets to be redacted from saved files or loaded from a secure environment variable.

ASI05: Unexpected Code Execution
Low
What this means

If the generated script is wrong or unsafe, it could access local files, environment variables, or network resources available to the terminal.

Why it was flagged

Generating and executing Playwright Python code is central to this skill and is gated by confirmation, but it still gives generated code the permissions of the local terminal.

Skill content
Engine B (Python script driven) - generate Python + Playwright code with detailed comments ... after receiving the user's explicit "confirm" ... call the CLI MCP to execute the saved Python script
Recommendation

Inspect the generated Python script before confirming execution, and run it in a limited project directory or sandbox.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

A future package update could change behavior unexpectedly.

Why it was flagged

The setup example uses an unpinned latest package for the Playwright MCP server. This is common setup guidance, but it means the installed code can change over time.

Skill content
"command": "npx", "args": ["@playwright/mcp@latest"]
Recommendation

Pin the Playwright MCP package to a reviewed version when configuring it.

ASI06: Memory and Context Poisoning
Low
What this means

Reports, screenshots, or DOM captures may retain sensitive page content after the test is complete.

Why it was flagged

The skill intentionally persists reports and may save screenshots or DOM data. This is useful for testing, but authenticated pages can contain private information.

Skill content
Mandatory write to disk 2 (must be performed): call the File System MCP to generate and save the test report ... failure scene (screenshot/DOM)
Recommendation

Choose a safe output directory, review reports before sharing, and delete or redact artifacts that contain private data.