← 返回 Skills 市场
yitao2027

Visual Bug Hunter

作者 yitao2027 · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
75
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install visual-bug-hunter
功能描述
视觉 Bug 定位与修复 Skill。当用户描述 GUI App 或 Web App 存在视觉 Bug(按钮点不了、元素重叠、布局错位、样式异常),或 AI 反复修 Bug 但无法自检验证效果,或需要对应用进行 UI 自动化测试时触发。通过截图感知 + UI 交互测试 + 控制台捕获 + 代码精准定位的闭环流程,...
安全使用建议
This skill's goal (visual UI detection + minimal code fixes) is reasonable, but proceed cautiously: 1) Confirm which implementation you will run — the registry's instruction-only skill (no install) or the README's pip package/GitHub code; installing the package pulls external code. 2) Only run the skill in a sandbox or VM first because it requires screen-capture and accessibility permissions and will launch/drive apps (these capabilities can access more than just the project if misconfigured). 3) Verify the exact commands the agent will execute (app launch paths, subprocess usage) and ensure the 'project_directory_only' restriction is actually enforced by the platform before granting permissions. 4) Do not provide screenshots or point the agent at apps containing sensitive data until you trust the implementation; sanitize inputs. 5) Inspect the GitHub/pip source (if you intend to install) for any unexpected network calls, logging, or file system access. If you are unsure, ask the skill author for a reproducible security/privacy checklist and an explicit statement of OS support (macOS vs cross-platform) and required permissions.
功能分析
Type: OpenClaw Skill Name: visual-bug-hunter Version: 1.1.0 The skill requests high-risk capabilities including screen capture (mcp_runtime screen.capture), UI automation (pyautogui, AppleScript), and process execution (subprocess.Popen) to facilitate visual bug hunting. While these capabilities are plausibly required for the stated purpose and the instructions in SKILL.md include safety constraints (e.g., limiting scope to the project directory), the inherent risk of granting an AI agent full UI control and screen access is significant. No evidence of intentional malice was found, but the broad permissions make it a high-risk tool.
能力标签
requires-sensitive-credentials
能力评估
Purpose & Capability
Name/description align with UI visual testing, code-localization, and automated interaction. However, the SKILL.md claims 'no local dependencies / no installs' while the workflow repeatedly references local tools (pyautogui, macOS screencapture, AppleScript, subprocess for launching apps) and the README advertises a pip package. That mismatch (instruction-only vs README/pip package and platform-specific tooling) is inconsistent and could lead to failure or unexpected behavior on non-mac systems or when required tools are absent.
Instruction Scope
Instructions direct the agent to capture screenshots, start/drive target apps, perform clicks/inputs, and capture stderr/stdout for the target process. While SKILL.md states file access is limited to a user-specified project directory, runtime steps (launching apps, capturing process logs, interacting with the desktop) require system-level capabilities and accessibility permissions that go beyond simple code reading. Those actions could potentially touch resources outside the project if mis-specified; the SKILL.md does not include explicit safeguards (e.g., validating app paths, requiring explicit user consent for accessibility privileges) or guidance to avoid accidental access to other files/processes.
Install Mechanism
There is no install spec in the registry (instruction-only), which is low-risk. However, the included README advertises pip installation and a GitHub repo and references a CLI script; that suggests an external package exists. The discrepancy between 'no install' claim and published package instructions is ambiguous and should be reconciled: if the user follows README/pip, that will install external code from PyPI/GitHub (higher risk) even though the skill registry entry itself installs nothing.
Credentials
The skill declares no required env vars or credentials, which is proportionate to the stated task. But it implicitly requires desktop automation permissions (screen capture, accessibility controls) and the ability to launch and capture stdout/stderr of user-specified apps. Those capabilities require OS-level permissions and could be abused if the agent is allowed to run arbitrary commands or given an incorrect target path. The skill also claims it will not access sensitive paths (~/.ssh, ~/.env, browser cookies), but those protections are declarative and not enforced by code here — the agent's runtime could still be directed to read other files unless the platform enforces the 'project_directory_only' scope.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence; it's user-invocable and does not declare modifications to other skills or system-wide settings. That is appropriate for its purpose.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install visual-bug-hunter
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /visual-bug-hunter 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
**Changelog for visual-bug-hunter v1.1.0** - Added explicit security and permission disclosures, clarifying no external credentials or sensitive file access are required. - Documented the install type as "skill" and limited the scope to the project directory only. - Updated technical descriptions to highlight the use of built-in AI platform capabilities without external APIs. - Clarified boundaries of file and process access for greater safety transparency. - Added a dedicated section comparing this skill with similar tools for clearer positioning. - Improved formatting, bug reporting, and verification examples for stronger usability.
v1.0.0
Initial release of Visual Bug Hunter Skill - Enables AI to visually detect and fix GUI/Web App bugs through screenshot analysis, UI automation, log capture, and code diff generation. - Uses "eye see + hand click" workflow for end-to-end Bug hunting, mapping visual problems directly to code lines. - Minimizes unnecessary code changes by outputting only precise diffs, saving tokens. - Includes self-verification via before/after screenshot comparison using vision models. - Not applicable for pure backend, database, or API-without-UI bugs.
元数据
Slug visual-bug-hunter
版本 1.1.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Visual Bug Hunter 是什么?

视觉 Bug 定位与修复 Skill。当用户描述 GUI App 或 Web App 存在视觉 Bug(按钮点不了、元素重叠、布局错位、样式异常),或 AI 反复修 Bug 但无法自检验证效果,或需要对应用进行 UI 自动化测试时触发。通过截图感知 + UI 交互测试 + 控制台捕获 + 代码精准定位的闭环流程,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 75 次。

如何安装 Visual Bug Hunter?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install visual-bug-hunter」即可一键安装,无需额外配置。

Visual Bug Hunter 是免费的吗?

是的,Visual Bug Hunter 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Visual Bug Hunter 支持哪些平台?

Visual Bug Hunter 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Visual Bug Hunter?

由 yitao2027(@yitao2027)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论