← 返回 Skills 市场
Webapp Testing Anthropic
作者
pupuking723
· GitHub ↗
· v1.0.0
· MIT-0
291
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install webapp-testing-anthropic
功能描述
Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing...
安全使用建议
This skill appears to do what it says (local Playwright testing) but take precautions before running it: 1) Inspect the included scripts (especially scripts/with_server.py) yourself — do not accept the SKILL.md suggestion to skip reading the source. The helper starts user-provided commands using shell=True, so malformed or malicious command strings could run arbitrary shell code. 2) Ensure Playwright, its browser binaries, and any node/npm tooling you need are installed — the skill does not declare or install these dependencies. 3) Run the scripts in an isolated environment (container or VM) when first testing, and avoid passing sensitive credentials in server command arguments. 4) Note where example scripts write files (/mnt/user-data/outputs, /tmp) and ensure those locations are appropriate. If you need to rely on this skill in production or give it broader access, ask the author for explicit dependency and security documentation, or only use the code after manual review.
功能分析
Type: OpenClaw Skill
Name: webapp-testing-anthropic
Version: 1.0.0
The skill bundle contains a helper script, `scripts/with_server.py`, which utilizes `subprocess.Popen(shell=True)` to execute arbitrary shell commands, introducing a significant shell injection vulnerability. Additionally, the `SKILL.md` file includes explicit instructions directing the AI agent to avoid reading the source code of the provided scripts, falsely claiming they are "very large" to justify this behavior. This instruction is a common prompt-injection tactic used to evade security inspection of the code the agent is expected to execute.
能力评估
Purpose & Capability
The skill claims to be a Playwright toolkit for testing local webapps and includes examples and a server helper. However, the package declares no required binaries or install steps even though examples and usage require Python Playwright (and browser binaries) and examples reference npm/node for dev servers. That missing dependency declaration is an incoherence: a legitimate Playwright skill should document or install its runtime dependencies.
Instruction Scope
SKILL.md instructs running included helper scripts as black boxes and explicitly says 'DO NOT read the source until you try running the script first.' The included helper (scripts/with_server.py) accepts arbitrary server commands and starts them with subprocess.Popen(..., shell=True). Advising not to inspect code while providing a script that runs shell commands reduces transparency and increases risk if users run unreviewed commands.
Install Mechanism
There is no install spec (instruction-only), which minimizes automatic installation risk. However, the skill bundles runnable Python scripts that assume libraries (playwright) and possibly Node tooling are present — the absence of any declared install steps or dependency guidance is notable but not itself malicious.
Credentials
The skill requests no environment variables or credentials (good). It does perform local file I/O in examples (writes to /mnt/user-data/outputs and /tmp) and will open network connections to localhost ports. Those behaviors are consistent with local webapp testing, but the manifest should have documented the filesystem paths and the fact that user-supplied server commands may access secrets if users embed them in the command strings.
Persistence & Privilege
The skill is not always-enabled, does not request elevated platform privileges, and does not modify other skills' configuration. It runs only when invoked and does not claim persistent agent presence.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install webapp-testing-anthropic - 安装完成后,直接呼叫该 Skill 的名称或使用
/webapp-testing-anthropic触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of webapp-testing: tools and best practices for Playwright-based local web application testing.
- Provides helper scripts for managing server lifecycles, including support for multiple servers
- Includes a decision tree for selecting the right testing approach for static or dynamic web apps
- Documents reconnaissance-then-action pattern for effective UI inspection and automation
- Offers usage examples and best practices for robust Playwright scripting
- Bundles reference scripts and sample automation patterns in the examples directory
元数据
常见问题
Webapp Testing Anthropic 是什么?
Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 291 次。
如何安装 Webapp Testing Anthropic?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install webapp-testing-anthropic」即可一键安装,无需额外配置。
Webapp Testing Anthropic 是免费的吗?
是的,Webapp Testing Anthropic 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Webapp Testing Anthropic 支持哪些平台?
Webapp Testing Anthropic 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Webapp Testing Anthropic?
由 pupuking723(@pupuking723)开发并维护,当前版本 v1.0.0。
推荐 Skills