Webapp Testing

by yang1002378395-cmyk · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 94 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install webapp-testing-cn
Description
Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing...
Usage Guidance
This skill appears to be what it says: Playwright examples plus a helper to start dev servers. Before installing or running it:
  1. Inspect `scripts/with_server.py` — it spawns user-supplied shell commands (`subprocess` with `shell=True`); do not supply untrusted commands.
  2. Run the helper with `--help` and test in an isolated environment (container or VM) so a misbehaving dev server or script can't affect your host.
  3. If you plan to allow autonomous agent use, restrict or review any commands the agent can pass to the helper (autonomous invocation + shell-capable helpers increases risk).
  4. Check where outputs are written (`/mnt/user-data`, `/tmp`) and adjust paths or permissions if needed.
  5. If you want stronger safety, run the scripts manually the first time and audit the code (contrary to the SKILL.md suggestion to avoid reading source).
Capability Analysis
Type: OpenClaw Skill
Name: webapp-testing-cn
Version: 1.0.0

The skill bundle provides legitimate web testing functionality but contains a shell injection vulnerability in `scripts/with_server.py` due to the use of `subprocess.Popen` with `shell=True` on arbitrary server commands. Furthermore, `SKILL.md` explicitly instructs the AI agent to avoid reading the source code of the scripts ('DO NOT read the source until you try running the script first'), which effectively discourages the agent from auditing the risky implementation or identifying the shell injection surface.
Capability Assessment
Purpose & Capability
Name/description match the provided artifacts: Playwright examples and a server helper. No unrelated environment variables, binaries, or install steps are requested. The helper script's ability to start dev servers is appropriate for a local webapp testing toolkit.
Instruction Scope
SKILL.md stays within testing/useful automation patterns (take screenshots, inspect DOM, wait for networkidle). However it explicitly recommends treating bundled scripts as black boxes and not reading source unless necessary — that guidance reduces opportunity for user audit. The runtime instructions and examples show the helper starting arbitrary shell commands and writing files under /mnt/user-data and /tmp; these behaviors are expected for the stated purpose but worth reviewing before execution.
Install Mechanism
No install spec — instruction-only with included example scripts. This minimizes install-time risks (nothing downloaded or extracted). The code is bundled in the skill, so nothing external is fetched at install-time.
Credentials
The skill requests no environment variables or credentials. Example scripts write outputs to /mnt/user-data and /tmp and use localhost ports; these are reasonable for local testing and consistent with the skill's purpose.
Persistence & Privilege
`always` is false and the skill does not request persistent privileges or modify other skills. Model invocation is enabled (default), which is normal; note that autonomous invocation combined with shell-capable helpers increases blast radius and should be considered by administrators.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install webapp-testing-cn
  3. After installation, invoke the skill by name or use /webapp-testing-cn
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the webapp-testing toolkit.
- Provides scripts and best practices for testing local web applications using Playwright.
- Includes `scripts/with_server.py` to manage multiple server lifecycles for testing.
- Offers a decision tree to guide static vs. dynamic site testing approaches.
- Documents the "reconnaissance-then-action" pattern for frontend test automation.
- Emphasizes using helper scripts as black boxes and leveraging bundled examples for common tasks.
Metadata
Slug: webapp-testing-cn
Version: 1.0.0
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is Webapp Testing?

Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing... It is an AI Agent Skill for Claude Code / OpenClaw, with 94 downloads so far.

How do I install Webapp Testing?

Run "/install webapp-testing-cn" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Webapp Testing free?

Yes, Webapp Testing is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Webapp Testing support?

Webapp Testing is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Webapp Testing?

It is built and maintained by yang1002378395-cmyk (@yang1002378395-cmyk); the current version is v1.0.0.
