v1.0.0

web-test-reporter

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:30 AM.

Analysis

The skill is coherent as a web testing/reporting helper, but it can log in and perform confirmed create/edit/delete/approval/export actions, and its report template can save passwords, so it needs careful review before use.

GuidanceUse this skill only on systems where automated testing is authorized, preferably staging or test environments. Provide a least-privilege test account, do not put real passwords in the generated report, review screenshots for sensitive data, and require explicit confirmation before delete, submit/approval, export, or other business-impacting actions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

SKILL.md

所有确认类操作必须走双路径（取消 + 确认）... 再次删除 → 确认... 点击导出 → 截图

The skill directs the agent to drive confirmed mutation, deletion, approval, and export flows through the target web app. Although it says to delete only self-created test data, the artifacts do not require staging-only use, rollback, or explicit user approval before the confirming branch.

User impactIf used against a production or sensitive system, the agent could create, edit, delete, submit, approve, or export real business data under the user's session.

RecommendationUse only in a staging/test environment with test data and a least-privilege test account; require explicit confirmation before delete, submit/approve, export, or other irreversible actions.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

SKILL.md

必须使用 agent-browser... 报告为 Word .docx，用 Python `python-docx` 生成。

The skill depends on an external browser CLI and a Python package, but the provided install specification does not pin or install them. This is expected for the task, but users should verify the local tools they run.

User impactThe safety of execution also depends on the locally installed agent-browser CLI and python-docx package.

RecommendationInstall these tools from trusted sources, pin known-good versions where possible, and review the local report script before running it.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

SKILL.md

需要登录 → 询问租户（如有）、用户名、密码，获取后登录

The skill asks for web-app login credentials and then acts inside the application. This is expected for authenticated web testing, but it gives the agent the same privileges as the supplied account.

User impactActions taken during testing will be attributable to the supplied account and may access or change data available to that account.

RecommendationProvide a dedicated test account with the minimum required permissions, avoid production admin credentials, and rotate credentials if they are exposed in reports or logs.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

scripts/build_report.py

para(doc, "账号：租户=园区智慧应用管理系统，用户=admin，密码=admin123")

The report-generation template writes an account and password into the persistent Word report. If replaced with real credentials, or if the sample credential is valid, the report becomes a sensitive credential-bearing artifact.

User impactAnyone who receives or can read the generated report may learn login credentials and reuse them.

RecommendationDo not include passwords in generated reports; record only a non-sensitive test account identifier, redact screenshots, and store reports in an access-controlled location.