← Back to Skills Marketplace
Quick Test
by
GustavoZiaugra
· GitHub ↗
· v1.0.0
781
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install quick-test
Description
Run basic system commands to verify Python, working directory, file access, and command execution for OpenClaw environment validation and debugging.
Usage Guidance
This appears to be a simple environment-check tool but it has mismatches and risky patterns. Before running it: (1) Review the Python script locally — do not run it in a production account or with sensitive environment variables present. (2) Fix or inspect subprocess usage: either use subprocess.run([...], shell=False) with argument lists or pass a single shell string if you intentionally want shell parsing; avoid shell=True if you accept untrusted input. (3) Remove or be careful with commands that print environment variables or list home directories if secrets may be present. (4) Be aware the SKILL.md promises CLI options and extra scripts that are not included; expect the shipped script to be buggy. Recommended safe approach: run inside an isolated container or ephemeral VM, or open and run the script line-by-line to confirm behavior rather than executing it untrusted. If you need this functionality but want safer behavior, ask the author to: implement proper CLI parsing, avoid shell=True, remove hard-coded paths, and limit env output to non-sensitive keys.
Capability Analysis
Type: OpenClaw Skill
Name: quick-test
Version: 1.0.0
This skill is classified as suspicious due to multiple vulnerabilities and risky capabilities. The `SKILL.md` explicitly instructs the OpenClaw agent to allow arbitrary command execution via a `--command` parameter, which is a severe prompt injection vulnerability. It also instructs the agent to run `env | head -10` for debugging, and the `scripts/run_tests.py` script hardcodes `env head -5` as a test, both exposing environment variables. Furthermore, the `scripts/run_tests.py` uses `subprocess.run(cmd, shell=True, ...)` which is a critical shell injection vulnerability if user input were passed to it, even though the current script does not parse the `--command` argument.
Capability Assessment
Purpose & Capability
The SKILL.md advertises CLI flags (--test, --command, --quiet) and additional scripts (scripts/tests.py, scripts/system_check.py) that are not present or not implemented in the included run_tests.py. The description (verify Python, working dir, file access) matches the general behavior, but the advertised features and files do not line up with the shipped code.
Instruction Scope
The instructions explicitly encourage running environment-inspecting commands such as `env | head -10` and arbitrary custom commands. That is reasonable for a debugging tool, but it also means the skill will print environment variables and file listings (possible secret leakage). The SKILL.md suggests user-supplied commands, but the provided run_tests.py lacks CLI parsing for those options — an inconsistency that could lead a user to run other, unintended commands locally.
Install Mechanism
There is no install spec (instruction-only skill with an included script). That is low risk from an installer perspective — nothing is automatically downloaded or written during install. The user must clone/run the repository manually.
Credentials
The skill requests no credentials, which is appropriate. However, it reads and prints environment variables and lists a hard-coded path (/home/zig/.openclaw/workspace) and writes to /tmp/quick_test.txt. Reading env and filesystem is consistent with an environment tester but can expose secrets; the hard-coded paths suggest the script is tailored to a specific account and may reveal or operate on data it shouldn't.
Persistence & Privilege
The skill does not request persistent inclusion (always:false) and does not modify agent configurations. It only contains a script the user must run; it does not request special privileges or persistence.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install quick-test - After installation, invoke the skill by name or use
/quick-test - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Simple system test to verify OpenClaw environment. Runs basic commands and validates output. Use when testing if OpenClaw is working correctly, verifying command execution, or need a simple command run. Perfect for debugging or confirming system status.
Metadata
Frequently Asked Questions
What is Quick Test?
Run basic system commands to verify Python, working directory, file access, and command execution for OpenClaw environment validation and debugging. It is an AI Agent Skill for Claude Code / OpenClaw, with 781 downloads so far.
How do I install Quick Test?
Run "/install quick-test" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Quick Test free?
Yes, Quick Test is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Quick Test support?
Quick Test is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Quick Test?
It is built and maintained by GustavoZiaugra (@gustavoziaugra); the current version is v1.0.0.
More Skills