← 返回 Skills 市场
3D Pet Checkout Test
作者
jinxuanzhu
· GitHub ↗
· v1.0.0
· MIT-0
309
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install 3d-pet-checkout-test
功能描述
执行 3D Pet 宠物下单测试完整流程,包含登录、选择产品、上传图片、等待生成、验证结账。用于自动化测试 joyarti 3D 宠物产品购买流程。
使用说明 (SKILL.md)
3D Pet 下单测试
执行 3D 宠物产品下单完整流程,验证购买路径是否正常。
触发条件
- 用户说"测试3D宠物"、"测试下单"、"3D Pet test"、"运行工作流"
- cron 定时任务触发
- 手动执行测试
关键配置
| 配置 | 环境变量 | 默认值 |
|---|---|---|
| 网站 | - | https://joyarti.com |
| 账号邮箱 | JOYARTI_EMAIL | (无默认值,请设置) |
| 账号密码 | JOYARTI_PASSWORD | (无默认值,请设置) |
| 测试图片 | JOYARTI_IMAGE_URL | (可选) |
| 推送目标 | FEISHU_TARGET | (无默认值,需配置) |
环境变量设置
在运行前设置环境变量(可选,如不设置则使用默认值):
export JOYARTI_EMAIL="[email protected]"
export JOYARTI_PASSWORD="your-password"
export JOYARTI_IMAGE_URL="https://example.com/image.jpg"
export FEISHU_TARGET="chat:oc_xxxxxxxxxxxxxxxxxx"
执行步骤
Step A: 登录
- navigate 到 https://joyarti.com/account/login
- wait 2000ms
- evaluate 填写邮箱密码并点击 Login
- wait 4000ms 等待跳转
- evaluate 验证登录成功(URL 含 /account)
Step B: 选择产品
- evaluate 点击导航 '3D Figure'
- wait 3000ms,验证 URL 含 figmaker
- evaluate 点击 'For Pets' (必须用 BUTTON 元素)
- wait 3000ms
- evaluate 点击 'Minimal Style' 的 Create 按钮 (必须用 BUTTON 元素)
- wait 3000ms,验证 URL 含 style2 且有文件上传框
Step C: 上传图片
- exec 下载图片到 /tmp/openclaw/uploads/pet_image.jpg
- exec 运行 CDP 上传脚本:
CDP_SCRIPT="${WORKSPACE}/cdp_upload.py" # 或从 skill 目录读取 python3 "$CDP_SCRIPT" /tmp/openclaw/uploads/pet_image.jpg joyarti- 成功输出:
OK: files=1 - 失败输出:
ERR: ...
- 成功输出:
- wait 3000ms
- evaluate 点击 Create Preview 按钮
Step D: 等待生成
- 禁止用 browser wait 超过 20s
- 用 exec + curl 轮询,每次 sleep 30s:
sleep 30 && curl -s http://127.0.0.1:18800/json/list | python3 -c " import json,sys tabs=json.load(sys.stdin) for t in tabs: if 'joyarti' in t.get('url','') and 'projectId' in t.get('url',''): print('DONE:', t['url']) " - 检测输出含
DONE:即生成完成,提取 projectId
Step E: 验证结账
- evaluate 点击 Buy Now
- wait 4000ms
- evaluate 验证跳转到 Shopify(URL 含 myshopify.com 或 checkout)
- evaluate 读取结账关键字段(产品、价格)
- 验证:产品含 'Pet'/'Figure',价格含 '$89.99'
- 必须登出并关闭浏览器
消息规则
每个 Step 开始和完成必须发消息到飞书群:
message(action=send, channel=feishu, target=FEISHU_TARGET, message="...")
- Step 开始:
⏳ Step X: xxx 开始... - Step 完成:
✅ Step X: xxx 完成 — {关键结果} - Step 失败:
❌ Step X: xxx 失败 — {原因}
最终报告模板
🧪 3D Pet 下单测试报告
时间:{startTime}–{endTime}(约 {duration} 分钟)
**账号:** JOYARTI_EMAIL
A: 登录 - {结果}
B: 选择产品 - {结果}
C: 上传图片 - {结果}
D: 3D 生成 - {结果}
E: 结账验证 - {结果}
projectId: {projectId}
产品: {product}
价格: {price}
结论:{通过/失败}
注意事项
- 点击必须用 BUTTON:禁止点击 SPAN/DIV 元素,必须用
querySelectorAll('button')限定 - 上传用 CDP 脚本:
browser.upload()不触发 React onChange - 生成等待用 exec:禁止
browser.act kind=wait timeMs>20000 - 必须登出关闭浏览器:确保下次测试干净
- 禁止点击 Place order/Pay now:只验证不付款
安全使用建议
Do not run this skill with your real account credentials or in an uncontrolled environment. Before using: (1) Remove or replace the hard-coded JOYARTI credentials in the workflow; (2) Ensure FEISHU_TARGET and the hard-coded chat id are correct and acceptable to you — confirm the destination is owned/trusted; (3) Review cdp_upload.py carefully — it will start a daemon via 'npx agent-browser', which downloads and executes code at runtime; prefer pre-installed, audited binaries instead of npx. Run the skill in an isolated sandbox or test VM, and inspect outgoing network activity (npx/npm and any Feishu message calls). If you only need browser automation, consider a version that does not start daemons or require external messaging confirmation, and that declares its required env vars and credentials explicitly.
功能分析
Type: OpenClaw Skill
Name: 3d-pet-checkout-test
Version: 1.0.0
The skill bundle is designed for automated QA testing of a specific e-commerce site (joyarti.com). It is classified as suspicious due to the inclusion of hardcoded plaintext credentials in workflow-3d-pet.json and the use of high-risk execution patterns, specifically the cdp_upload.py script which uses npx to execute potentially remote code and interacts directly with the browser via WebSockets/CDP. While these behaviors appear aligned with the stated automation goals, the combination of hardcoded secrets and raw CDP manipulation represents a significant security risk and a potential vector for unauthorized browser control.
能力评估
Purpose & Capability
The SKILL.md and workflow clearly implement a checkout test for joyarti, which matches the name. However the registry metadata declares no required env vars while the instructions require JOYARTI_EMAIL, JOYARTI_PASSWORD, FEISHU_TARGET and optionally JOYARTI_IMAGE_URL. The workflow JSON also embeds default credentials (email/password) directly in config – unexpected and sensitive. The workflow hard-codes a Feishu chat target in CRITICAL_RULES (different from the FEISHU_TARGET variable named in SKILL.md). These mismatches (undeclared env vars + baked-in credentials + hard-coded message target) are disproportionate to a simple test helper and inconsistent with the declared skill requirements.
Instruction Scope
Runtime instructions go beyond simple browser automation: they (a) instruct exec downloads to /tmp, (b) run the included CDP uploader which queries a local DevTools HTTP API (127.0.0.1:18800), (c) require sending and confirming messages to Feishu for every step with enforced retries, and (d) use npx (via the CDP script) to start an agent daemon. The instructions also mandate strict behaviors (always send messages, confirm ok:true and messageId) and reference filesystem paths outside the skill (e.g., /Users/ezeeship/.openclaw/agents/...). The enforced messaging requirements and hard-coded target increase the attack/surveillance surface and are not justified by a minimal test description.
Install Mechanism
The skill has no declared install spec (instruction-only) but includes a Python script that will call out to 'npx agent-browser ...' if the daemon is absent. That causes dynamic runtime downloads and execution from the npm ecosystem (npx), which is a higher-risk install behavior that is not visible at install-time. There is no verification of what npx will fetch/run. The skill also writes/reads from /tmp and may start persistent processes (agent-browser daemon).
Credentials
The SKILL.md expects user credentials and a Feishu target, but the skill package/registry did not declare these requirements. Worse, the workflow embeds default JOYARTI credentials in cleartext — a direct red flag (exposed sensitive data). The required Feishu target is enforced (and a different hard-coded chat id exists in workflow JSON), yet there is no mention of how Feishu authentication is provided or scoped. Overall, credential handling is inconsistent and excessive for a test helper.
Persistence & Privilege
The skill is not granted always:true and does not directly modify other skills. However the CDP script can start a long-running 'agent-browser' daemon (via npx) and interact with a local DevTools endpoint (127.0.0.1:18800). This creates persistent local processes and runtime network activity (npm). This is noteworthy but not a declared platform privilege escalation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install 3d-pet-checkout-test - 安装完成后,直接呼叫该 Skill 的名称或使用
/3d-pet-checkout-test触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
3D Pet 下单自动化测试 — 初始版本
- 实现完整 3D Pet 宠物购买流程的自动化测试,包括登录、选品、上传图片、生成预览与结账验证
- 支持飞书群消息通知,每步关键节点自动推送进度与结果
- 配置项与环境变量集中管理,便于自定义测试账号与图片
- 强调关键操作规范,如按钮点击、文件上传与轮询检测
- 测试流程结束后,自动生成标准化报告
元数据
常见问题
3D Pet Checkout Test 是什么?
执行 3D Pet 宠物下单测试完整流程,包含登录、选择产品、上传图片、等待生成、验证结账。用于自动化测试 joyarti 3D 宠物产品购买流程。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 309 次。
如何安装 3D Pet Checkout Test?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install 3d-pet-checkout-test」即可一键安装,无需额外配置。
3D Pet Checkout Test 是免费的吗?
是的,3D Pet Checkout Test 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
3D Pet Checkout Test 支持哪些平台?
3D Pet Checkout Test 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 3D Pet Checkout Test?
由 jinxuanzhu(@jinxuanzhu)开发并维护,当前版本 v1.0.0。
推荐 Skills