← Back to Skills Marketplace
Webapp Testing Anthropic
by
pupuking723
· GitHub ↗
· v1.0.0
· MIT-0
291
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install webapp-testing-anthropic
Description
Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing...
Usage Guidance
This skill appears to do what it says (local Playwright testing) but take precautions before running it: 1) Inspect the included scripts (especially scripts/with_server.py) yourself — do not accept the SKILL.md suggestion to skip reading the source. The helper starts user-provided commands using shell=True, so malformed or malicious command strings could run arbitrary shell code. 2) Ensure Playwright, its browser binaries, and any node/npm tooling you need are installed — the skill does not declare or install these dependencies. 3) Run the scripts in an isolated environment (container or VM) when first testing, and avoid passing sensitive credentials in server command arguments. 4) Note where example scripts write files (/mnt/user-data/outputs, /tmp) and ensure those locations are appropriate. If you need to rely on this skill in production or give it broader access, ask the author for explicit dependency and security documentation, or only use the code after manual review.
Capability Analysis
Type: OpenClaw Skill
Name: webapp-testing-anthropic
Version: 1.0.0
The skill bundle contains a helper script, `scripts/with_server.py`, which utilizes `subprocess.Popen(shell=True)` to execute arbitrary shell commands, introducing a significant shell injection vulnerability. Additionally, the `SKILL.md` file includes explicit instructions directing the AI agent to avoid reading the source code of the provided scripts, falsely claiming they are "very large" to justify this behavior. This instruction is a common prompt-injection tactic used to evade security inspection of the code the agent is expected to execute.
Capability Assessment
Purpose & Capability
The skill claims to be a Playwright toolkit for testing local webapps and includes examples and a server helper. However, the package declares no required binaries or install steps even though examples and usage require Python Playwright (and browser binaries) and examples reference npm/node for dev servers. That missing dependency declaration is an incoherence: a legitimate Playwright skill should document or install its runtime dependencies.
Instruction Scope
SKILL.md instructs running included helper scripts as black boxes and explicitly says 'DO NOT read the source until you try running the script first.' The included helper (scripts/with_server.py) accepts arbitrary server commands and starts them with subprocess.Popen(..., shell=True). Advising not to inspect code while providing a script that runs shell commands reduces transparency and increases risk if users run unreviewed commands.
Install Mechanism
There is no install spec (instruction-only), which minimizes automatic installation risk. However, the skill bundles runnable Python scripts that assume libraries (playwright) and possibly Node tooling are present — the absence of any declared install steps or dependency guidance is notable but not itself malicious.
Credentials
The skill requests no environment variables or credentials (good). It does perform local file I/O in examples (writes to /mnt/user-data/outputs and /tmp) and will open network connections to localhost ports. Those behaviors are consistent with local webapp testing, but the manifest should have documented the filesystem paths and the fact that user-supplied server commands may access secrets if users embed them in the command strings.
Persistence & Privilege
The skill is not always-enabled, does not request elevated platform privileges, and does not modify other skills' configuration. It runs only when invoked and does not claim persistent agent presence.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install webapp-testing-anthropic - After installation, invoke the skill by name or use
/webapp-testing-anthropic - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of webapp-testing: tools and best practices for Playwright-based local web application testing.
- Provides helper scripts for managing server lifecycles, including support for multiple servers
- Includes a decision tree for selecting the right testing approach for static or dynamic web apps
- Documents reconnaissance-then-action pattern for effective UI inspection and automation
- Offers usage examples and best practices for robust Playwright scripting
- Bundles reference scripts and sample automation patterns in the examples directory
Metadata
Frequently Asked Questions
What is Webapp Testing Anthropic?
Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing... It is an AI Agent Skill for Claude Code / OpenClaw, with 291 downloads so far.
How do I install Webapp Testing Anthropic?
Run "/install webapp-testing-anthropic" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Webapp Testing Anthropic free?
Yes, Webapp Testing Anthropic is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Webapp Testing Anthropic support?
Webapp Testing Anthropic is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Webapp Testing Anthropic?
It is built and maintained by pupuking723 (@pupuking723); the current version is v1.0.0.
More Skills