← 返回 Skills 市场
Quick Test
作者
GustavoZiaugra
· GitHub ↗
· v1.0.0
781
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install quick-test
功能描述
Run basic system commands to verify Python, working directory, file access, and command execution for OpenClaw environment validation and debugging.
安全使用建议
This appears to be a simple environment-check tool but it has mismatches and risky patterns. Before running it: (1) Review the Python script locally — do not run it in a production account or with sensitive environment variables present. (2) Fix or inspect subprocess usage: either use subprocess.run([...], shell=False) with argument lists or pass a single shell string if you intentionally want shell parsing; avoid shell=True if you accept untrusted input. (3) Remove or be careful with commands that print environment variables or list home directories if secrets may be present. (4) Be aware the SKILL.md promises CLI options and extra scripts that are not included; expect the shipped script to be buggy. Recommended safe approach: run inside an isolated container or ephemeral VM, or open and run the script line-by-line to confirm behavior rather than executing it untrusted. If you need this functionality but want safer behavior, ask the author to: implement proper CLI parsing, avoid shell=True, remove hard-coded paths, and limit env output to non-sensitive keys.
功能分析
Type: OpenClaw Skill
Name: quick-test
Version: 1.0.0
This skill is classified as suspicious due to multiple vulnerabilities and risky capabilities. The `SKILL.md` explicitly instructs the OpenClaw agent to allow arbitrary command execution via a `--command` parameter, which is a severe prompt injection vulnerability. It also instructs the agent to run `env | head -10` for debugging, and the `scripts/run_tests.py` script hardcodes `env head -5` as a test, both exposing environment variables. Furthermore, the `scripts/run_tests.py` uses `subprocess.run(cmd, shell=True, ...)` which is a critical shell injection vulnerability if user input were passed to it, even though the current script does not parse the `--command` argument.
能力评估
Purpose & Capability
The SKILL.md advertises CLI flags (--test, --command, --quiet) and additional scripts (scripts/tests.py, scripts/system_check.py) that are not present or not implemented in the included run_tests.py. The description (verify Python, working dir, file access) matches the general behavior, but the advertised features and files do not line up with the shipped code.
Instruction Scope
The instructions explicitly encourage running environment-inspecting commands such as `env | head -10` and arbitrary custom commands. That is reasonable for a debugging tool, but it also means the skill will print environment variables and file listings (possible secret leakage). The SKILL.md suggests user-supplied commands, but the provided run_tests.py lacks CLI parsing for those options — an inconsistency that could lead a user to run other, unintended commands locally.
Install Mechanism
There is no install spec (instruction-only skill with an included script). That is low risk from an installer perspective — nothing is automatically downloaded or written during install. The user must clone/run the repository manually.
Credentials
The skill requests no credentials, which is appropriate. However, it reads and prints environment variables and lists a hard-coded path (/home/zig/.openclaw/workspace) and writes to /tmp/quick_test.txt. Reading env and filesystem is consistent with an environment tester but can expose secrets; the hard-coded paths suggest the script is tailored to a specific account and may reveal or operate on data it shouldn't.
Persistence & Privilege
The skill does not request persistent inclusion (always:false) and does not modify agent configurations. It only contains a script the user must run; it does not request special privileges or persistence.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install quick-test - 安装完成后,直接呼叫该 Skill 的名称或使用
/quick-test触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Simple system test to verify OpenClaw environment. Runs basic commands and validates output. Use when testing if OpenClaw is working correctly, verifying command execution, or need a simple command run. Perfect for debugging or confirming system status.
元数据
常见问题
Quick Test 是什么?
Run basic system commands to verify Python, working directory, file access, and command execution for OpenClaw environment validation and debugging. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 781 次。
如何安装 Quick Test?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install quick-test」即可一键安装,无需额外配置。
Quick Test 是免费的吗?
是的,Quick Test 完全免费(开源免费),可自由下载、安装和使用。
Quick Test 支持哪些平台?
Quick Test 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Quick Test?
由 GustavoZiaugra(@gustavoziaugra)开发并维护,当前版本 v1.0.0。
推荐 Skills