Webapp Testing Anthropic
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: webapp-testing-anthropic Version: 1.0.0 The skill bundle contains a helper script, `scripts/with_server.py`, which utilizes `subprocess.Popen(shell=True)` to execute arbitrary shell commands, introducing a significant shell injection vulnerability. Additionally, the `SKILL.md` file includes explicit instructions directing the AI agent to avoid reading the source code of the provided scripts, falsely claiming they are "very large" to justify this behavior. This instruction is a common prompt-injection tactic used to evade security inspection of the code the agent is expected to execute.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an untrusted or mistaken server command is supplied, it could run unintended local commands.
The helper intentionally runs a caller-supplied server command through the local shell, which is expected for starting development servers but can execute arbitrary local shell actions if misused.
process = subprocess.Popen(server['cmd'], shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
Use the helper only with trusted project commands, review the exact command string before running it, and avoid passing untrusted input into --server.
A user or agent might run bundled helpers without inspecting what they do first.
The skill discourages source inspection before use. The included helper source appears consistent with the stated purpose, but this wording can reduce pre-run review.
DO NOT read the source until you try running the script first... They exist to be called directly as black-box scripts
Treat this as performance guidance, not a security rule; inspect bundled scripts whenever you want assurance before execution.
Screenshots or console logs from a local app could contain sensitive test data, tokens printed by the app, or private UI content.
The example stores captured browser console logs in a local output file; other examples also write screenshots. This is purpose-aligned but may persist app data.
with open('/mnt/user-data/outputs/console.log', 'w') as f: f.write('\n'.join(console_logs))Use non-sensitive test data where possible and review or delete generated logs/screenshots before sharing them.
It may be harder to verify the origin of the skill or know exactly how required tools such as Playwright should be installed.
The registry metadata does not provide an upstream source or install instructions. The bundled files are present for review, but dependency setup and provenance are not strongly declared.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the bundled files and install any needed dependencies, such as Playwright, only from trusted package sources.