Skill details (on-site mirror, no comments)
License: MIT-0
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Version: v1.6.1
Stats: ⭐ 0 · 301 · 1 current installs · 1 all-time installs
🛡 VirusTotal: Suspicious · OpenClaw: Suspicious
Package: avivahe326/human-test
Security scan (ClawHub)
- VirusTotal: Suspicious
- OpenClaw: Suspicious
OpenClaw assessment
The skill's description (hire human testers and return AI-aggregated reports) is plausible, but the runtime instructions ask the agent to install and run an unsigned npm app, auto-detect multiple AI API keys from the environment, and create a local service with a default admin — behaviors that are not represented in the registry metadata and elevate risk.
Purpose
The stated purpose (running human usability tests and returning a report) is reasonable, but the SKILL.md instructs installing and running a third‑party package (humantest-app) and starting a persistent local server. The registry metadata lists no required env vars or credentials, yet the instructions explicitly rely on multiple AI provider API keys (ANTHROPIC_API_KEY, OPENAI_API_KEY, DEEPSEEK_API_KEY, GEMINI_API_KEY). That mismatch (undeclare…
Instruction scope
The SKILL.md instructs the agent to: curl a BASE_URL, or (if not available) run 'npm i -g humantest-app', init and start a local server which will auto-detect AI API keys from the environment, create a default admin user automatically, and serve endpoints that accept webhooks and repo URLs for automated code fixes. These instructions read and use environment variables not declared in the registry, create persistent services, and can POST repor…
Install mechanism
There is no formal install spec in the registry, yet the instructions instruct a global npm install ('npm i -g humantest-app') and then run binaries that build/start the app. Installing an unvetted global npm package from an unspecified source is high risk: the package could execute arbitrary code on the host, and the SKILL.md gives no provenance or checksum for the package. The absence of an explicit, trusted install specification reduces tra…
Credentials
The skill's metadata declares no required environment variables, but the instructions say the app will auto-detect and use ANTHROPIC_API_KEY, OPENAI_API_KEY, DEEPSEEK_API_KEY, or GEMINI_API_KEY. Reading multiple unrelated LLM provider keys from the host environment is broad and not documented as required in the registry. Additionally, the service can post reports to arbitrary webhook URLs and may use repoUrl to generate code fixes (potentially…
Persistence
The instructions create and start a persistent local service (default port 3000) and automatically create a default admin user with no registration step. Persisting a server and an admin account increases long‑term attack surface (exposed endpoints, default credentials) and is a capability beyond a typical ephemeral skill. While 'always: false' and autonomous invocation are normal, the creation of persistent infrastructure and default admin pr…
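Install (copy to Lobster AI)
Copy the entire passage below into a Lobster Chinese Library (龙虾中文库) conversation, and Lobster will complete the installation following SKILL.md.
Please hand this passage to Lobster Chinese Library (Lobster AI) to execute: install the OpenClaw skill "Human Test" on this machine. Summary: Call real humans to test your product (URL or app). Get structured usability fe…
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/avivahe326/human-test/SKILL.md
(Source: yingzhi8.cn skill library)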
SKILL.md
No locally cached content yet; a detail sync can be run from the admin backend.