Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Testcase Template
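v1.0.0
UI automation test case generation template for in-vehicle systems. Based on the AndroidSystemTestFramework framework, it generates standardized app-center test cases and supports app-launch verification, AI screenshot assertions, version compatibility, and device-model filtering. Suitable for scenarios such as generating test cases, writing automated tests, app-center testing, UI automation, and smoke testing.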
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the provided instructions and templates: it produces AndroidSystemTestFramework-style UI test classes for in-vehicle systems. However, the templates include low-level vehicle/device commands (adb root/remount, vdt rp, gear-level changes) which go beyond mere code generation and imply direct control over vehicle hardware/state; this is plausible for an in-vehicle test template but should be expected and justified by the user.
Instruction Scope
Instructions explicitly call out commands that modify device/vehicle state (adb root; adb remount; vdt rp; vdt logctrl; gear-level rp) and call device.shell to execute system commands. They also mandate taking screenshots and calling self.tools.CheckResApi(ask, [image]) with a precisely formatted prompt — which likely sends images to an external AI/assertion service. The SKILL.md does not document where CheckResApi sends images or whether credentials/access control are required. These behaviors can be sensitive (changing vehicle signals, exfiltrating screenshots) and are outside what a casual template generator should do without explicit warnings.
Install Mechanism
Instruction-only skill with no install spec, no downloads, and no code executed at install time — lowest install risk.
Credentials
The skill declares no environment variables or credentials, which matches the manifest. However, it requires usage of an external CheckResApi method to send screenshots for AI-based assertions; the SKILL.md provides no endpoint, token, or privacy details for these calls. The absence of declared credentials is a gap: sending images externally usually requires/configures an API client or credentials, which are not specified here.
Persistence & Privilege
The skill does not request permanent/always-on presence (always:false) and does not attempt to modify other skills or system-wide agent settings. Normal autonomous invocation is allowed by platform defaults.
What to consider before installing
This template is consistent with generating Android/vehicle UI tests, but it includes commands that change device or vehicle state (adb root/remount, vdt rp, gear-level commands) and requires sending screenshots to an unspecified CheckResApi. Before installing or using it:
1) Confirm you will run generated tests only on safe, isolated test devices or simulation environments (never on a live vehicle).
2) Ask the author or repository where CheckResApi points to and what credentials (if any) it needs; review the implementation of UiTools.CheckResApi to know whether screenshots or other sensitive data are transmitted externally.
3) If you lack a trusted implementation of the tools referenced (src.main.utils.UiTools, CheckResApi), do not run generated code until you inspect/replace those calls.
4) Prefer adding explicit configuration for where AI assertions run and require consent/credentials before any image upload.
If you want, I can list exact questions to ask the maintainer or help draft a safer template that avoids destructive device commands and external uploads.
Like a lobster shell, security has layers — review code before you run it.
