← 返回 Skills 市场

Billy — Mission Control Visual QA

Name: Billy — Mission Control Visual QA
Author: highlander89

作者 Highlander89 · GitHub ↗ · v0.1.3

cross-platform ⚠ suspicious

478

总下载

当前安装

版本数

在 OpenClaw 中安装

/install billy-mission-control-visual-qa

功能描述

Run Mission Control visual QA on SAPCONET over SSH using Puppeteer screenshots and basic DOM checks.

使用说明 (SKILL.md)

mission-control-visual-qa

Author: Billy (SAPCONET)

Purpose

Run visual QA (screenshots + basic DOM checks) for Mission Control pages on SAPCONET via SSH (Neill machine 100.110.24.44).

What this skill includes

scripts/mission-control-visual-qa.js: Puppeteer-based remote runner (intended to run on SAPCONET).
scripts/run-mission-control-visual-qa.sh: Local helper that copies and runs the Node script over scp + ssh.

Safety rules

Only target Mission Control pages you are authorized to inspect.
Default output path is ~/.openclaw/workspace/output/visual-qa/ on SAPCONET.
No external network activity is performed by scripts other than SSH/SCP to SAPCONET and page loads for supplied URLs.
Script is read-only and does not submit forms or click destructive controls.

Usage

From local machine:

bash scripts/run-mission-control-visual-qa.sh \
  "https://mission-control.example.local/dashboard" \
  "https://mission-control.example.local/status"

Optional env vars:

SSH_TARGET (default: [email protected])
REMOTE_RUN_DIR (default: ~/.openclaw/workspace/mission-control-visual-qa-runner)
OUTPUT_DIR (default: ~/.openclaw/workspace/output/visual-qa/)

Expected output

On SAPCONET host, each URL produces:

*.png screenshot
basic DOM result (title + presence of main, h1, and body text)
final JSON summary printed to stdout

安全使用建议

This appears coherent for running remote visual QA, but check a few operational points before installing: 1) Confirm and trust the SSH_TARGET (100.110.24.44) and that you are authorized to run checks there. 2) Ensure puppeteer and a compatible Chromium/Chrome are installed on the remote host (the script will exit if puppeteer is missing). 3) Be aware screenshots are stored on the remote OUTPUT_DIR and are not automatically copied back; if you need the images locally, retrieve them explicitly. 4) The helper script expands ~ and other paths locally when building remote mkdir commands; to avoid creating unexpected absolute paths on the remote host, explicitly set REMOTE_RUN_DIR and OUTPUT_DIR to absolute paths appropriate for the remote user. 5) Because the tool loads pages you supply, avoid pointing it at any pages you are not permitted to inspect—page titles and metadata will be printed and could reveal sensitive information. If you want tighter safety, review/update the helper script to preserve remote-side tilde expansion (quote remote commands) and confirm argument escaping in your environment.

功能分析

Type: OpenClaw Skill Name: billy-mission-control-visual-qa Version: 0.1.3 The skill is classified as suspicious due to several risky capabilities, even though they align with its stated purpose. The `scripts/mission-control-visual-qa.js` script uses Puppeteer with the `--no-sandbox` and `--disable-setuid-sandbox` arguments, which significantly reduces the security posture of the remote browser execution. Furthermore, critical parameters like `SSH_TARGET`, `REMOTE_RUN_DIR`, `OUTPUT_DIR` in `scripts/run-mission-control-visual-qa.sh`, and `CHROMIUM_PATH` in `scripts/mission-control-visual-qa.js` are configurable via environment variables. While this offers flexibility, it also presents a significant vulnerability if an attacker can manipulate these environment variables, potentially leading to arbitrary code execution (via `CHROMIUM_PATH`), redirection of SSH connections, or writing files to arbitrary locations on the remote host. There is no evidence of intentional malicious behavior, data exfiltration, or prompt injection against the agent.

能力评估

✓ Purpose & Capability

The name/description (visual QA on Mission Control via SSH) matches the provided artifacts: a Puppeteer Node script (scripts/mission-control-visual-qa.js) and an SSH/SCP helper (scripts/run-mission-control-visual-qa.sh). No unrelated binaries, credentials, or config paths are requested. The default SSH target ([email protected]) is hard-coded as a sensible default for this use case and aligns with the description.

ℹ Instruction Scope

The SKILL.md and scripts limit actions to copying the Node script to the remote host, launching Chromium via Puppeteer to load supplied URLs, performing simple DOM checks (title, presence of main & h1, body text length), taking screenshots, and printing a JSON summary. The script does not submit forms or click controls. Note: the Node script collects page title (string) and the numeric bodyTextLength but does NOT transmit full page body text; screenshots remain on the remote OUTPUT_DIR and are not automatically copied back. Also, the helper script expands paths (including ~) locally when building the remote mkdir command, which can cause unexpected absolute paths on the remote host—this is an operational bug rather than malicious behavior.

ℹ Install Mechanism

No install spec is provided (instruction-only + code files), so nothing is automatically downloaded or written by the platform. The Node script requires the 'puppeteer' package and a Chromium binary on the remote host; the script will error and exit if puppeteer is not installed. This is expected but requires manual setup on the SAPCONET host.

✓ Credentials

No required environment variables or credentials are declared. Optional env vars (SSH_TARGET, REMOTE_RUN_DIR, OUTPUT_DIR, CHROMIUM_PATH) are directly relevant to remote execution and are proportionate to the task. There are no requests for unrelated secrets or system credentials.

✓ Persistence & Privilege

always is false and the skill does not attempt to modify other skills or agent-wide configuration. It only copies its own script to the remote host and writes output under the specified OUTPUT_DIR on that host. No elevated persistence or hidden backdoors are present.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install billy-mission-control-visual-qa
安装完成后，直接呼叫该 Skill 的名称或使用 /billy-mission-control-visual-qa 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.3

Stability: puppeteer runner + screenshot JSON summary

v0.1.2

Initial public release.

v0.1.0

Initial release

元数据

Slug billy-mission-control-visual-qa

版本 0.1.3

许可证 —

累计安装 0

当前安装数 0

历史版本数 3

常见问题