Skill Tester

Skill Tester

This skill is a plausible QA/meta-skill and includes the right files, but it asks the agent to execute Python scripts (and to run validation across repositories). Before installing or running it: - Review the full contents of scripts/script_tester.py, scripts/skill_validator.py and scripts/quality_scorer.py to confirm they do only static analysis or safely sandbox execution. Look for uses of subprocess, os.system, socket/network libraries, eval/exec, or code that reads files outside the supplied skill directories. - If you must run it, do so in an isolated environment (dedicated CI runner or container) with no network access and minimal file permissions so that executing arbitrary skill code cannot reach secrets or other repositories. - Prefer a mode that performs static checks (AST/import analysis) over actually executing untrusted target scripts; if runtime execution is necessary, require explicit sandboxing (e.g., container, restricted user, seccomp) and timeouts. - If you control the repo, limit the set of directories passed to the tool and avoid running it with elevated privileges. Additional information that would reduce concern: code-level evidence that runtime testing uses a robust sandbox (process isolation, network disabled, chroot/container, strict time/resource limits) or that the tool can operate entirely in a static-analysis/dry-run mode without executing target scripts. Conversely, finding direct subprocess/network/file‑exfiltration code in the tester scripts would increase my severity to high.

Type: OpenClaw Skill Name: skill-tester Version: 2.1.1 The 'skill-tester' bundle is a meta-utility designed for quality assurance and scoring of other OpenClaw skills. While the code is well-documented and aligned with its stated purpose, 'scripts/script_tester.py' implements high-risk functionality by using 'subprocess.run' to execute Python scripts found in target directories to verify their runtime behavior. This capability provides a primitive for local code execution that could be exploited if the AI agent is directed to test a malicious skill bundle. No evidence of intentional malice, data exfiltration, or hardcoded IOCs was found.