Qa Patrol
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: qa-patrol
Version: 1.0.3
The skill is classified as suspicious because of its declared high-risk capabilities, despite explicit documentation of benign intent. It requires `read` permission to scan local files (`repo_path: ./src`) for static analysis, can connect to a user-provided database (`DATABASE_URL`) and execute arbitrary SQL queries against it, and can make arbitrary HTTP requests (`type: api_check` in `payments-stripe.yaml`). The `SKILL.md` and `references/bug-patterns.md` files repeatedly emphasize that these features exist to *detect* issues in the user's *own codebase* (e.g., exposed API keys) and that no data leaves the machine. Even so, these capabilities are inherently powerful and could be misused by a malicious user or abused if the agent were compromised. There is no evidence of intentional malicious behavior by the skill itself, but its broad access to local files, databases, and the network means it cannot be treated as purely benign.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A test run could create, edit, delete, or otherwise mutate data in the target web app.
The advanced SaaS template can direct browser automation to perform destructive UI actions. This is purpose-aligned for QA, but it can change real app data if run against a production account.
name: Delete item ... click: { ref: delete_button } ... click: { ref: confirm_delete }
Run these plans only against apps and accounts you control, preferably staging/test environments, and review mutation steps before execution.
If production credentials or a write-capable production database URL are supplied, the agent could access sensitive accounts or data during testing.
The skill may use privileged test accounts and a database connection. The artifacts disclose this and warn against production credentials, but these inputs are still high-impact.
`ADMIN_PASSWORD` ... `PRO_PASSWORD` ... `DATABASE_URL` ... Use test credentials only — never supply production passwords or production DATABASE_URL.
Use dedicated test accounts, least-privilege credentials, test-mode Stripe, and a read-only or disposable database connection where possible.
Sensitive UI content, console messages, or test data could appear in local reports or the agent context.
QA evidence, screenshots, snapshots, and console logs may include sensitive page content or test data. The artifacts frame this as local QA reporting, not exfiltration.
Capture snapshot and console logs ... Record PASS/FAIL/SKIP with evidence
Use scrubbed test data and review generated reports or screenshots before sharing them.
A user might read the privacy claim too broadly and forget that target apps and connected services still receive the automated test traffic.
The privacy wording is broad: the skill does not show its own cloud service, but testing a web app or database necessarily sends traffic to the user-provided app, Stripe/test services, or database endpoint.
Nothing is sent to external servers ... `APP_URL` ... `DATABASE_URL`
Interpret the claim as no QA Patrol vendor/cloud backend, not as no network traffic; use only intended test targets.
