Security scan
OpenClaw
Suspicious
Medium confidence: The skill mostly does what it describes (automated 3D-pet checkout testing) but contains several inconsistencies and risky behaviors (undeclared/embedded credentials, hard-coded messaging target, and runtime downloading/executing via npx) that require review before use.
Assessment and recommendations
Do not run this skill with your real account credentials or in an uncontrolled environment. Before using: (1) Remove or replace the hard-coded JOYARTI credentials in the workflow; (2) Ensure FEISHU_TARGET and the hard-coded chat id are correct and acceptable to you — confirm the destination is owned/trusted; (3) Review cdp_upload.py carefully — it will start a daemon via 'npx agent-browser', which downloads and executes code at runtime; prefer pre-installed, audited binaries instead of npx. Run ...
⚠ Purpose and capabilities
The SKILL.md and workflow clearly implement a checkout test for joyarti, which matches the name. However the registry metadata declares no required env vars while the instructions require JOYARTI_EMAIL, JOYARTI_PASSWORD, FEISHU_TARGET and optionally JOYARTI_IMAGE_URL. The workflow JSON also embeds default credentials (email/password) directly in config – unexpected and sensitive. The workflow hard-codes a Feishu chat target in CRITICAL_RULES (different from the FEISHU_TARGET variable named in SKILL.md). These mismatches (undeclared env vars + baked-in credentials + hard-coded message target) are disproportionate to a simple test helper and inconsistent with the declared skill requirements.
⚠ Instruction scope
Runtime instructions go beyond simple browser automation: they (a) instruct exec downloads to /tmp, (b) run the included CDP uploader which queries a local DevTools HTTP API (127.0.0.1:18800), (c) require sending and confirming messages to Feishu for every step with enforced retries, and (d) use npx (via the CDP script) to start an agent daemon. The instructions also mandate strict behaviors (always send messages, confirm ok:true and messageId) and reference filesystem paths outside the skill (e.g., /Users/ezeeship/.openclaw/agents/...). The enforced messaging requirements and hard-coded target increase the attack/surveillance surface and are not justified by a minimal test description.
⚠ Install mechanism
The skill has no declared install spec (instruction-only) but includes a Python script that will call out to 'npx agent-browser ...' if the daemon is absent. That causes dynamic runtime downloads and execution from the npm ecosystem (npx), which is a higher-risk install behavior that is not visible at install-time. There is no verification of what npx will fetch/run. The skill also writes/reads from /tmp and may start persistent processes (agent-browser daemon).
⚠ Credential requirements
The SKILL.md expects user credentials and a Feishu target, but the skill package/registry did not declare these requirements. Worse, the workflow embeds default JOYARTI credentials in cleartext — a direct red flag (exposed sensitive data). The required Feishu target is enforced (and a different hard-coded chat id exists in workflow JSON), yet there is no mention of how Feishu authentication is provided or scoped. Overall, credential handling is inconsistent and excessive for a test helper.
ℹ Persistence and permissions
The skill is not granted always:true and does not directly modify other skills. However the CDP script can start a long-running 'agent-browser' daemon (via npx) and interact with a local DevTools endpoint (127.0.0.1:18800). This creates persistent local processes and runtime network activity (npm). This is noteworthy but not a declared platform privilege escalation.
⚠ references/workflow-3d-pet.json:149
Install source points to URL shortener or raw IP.
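The review items above (literal credentials in the workflow config, a hard-coded Feishu chat id, runtime npx execution, an install source on a raw IP or URL shortener, and env vars that SKILL.md requires but the registry does not declare) can be checked mechanically before a skill is run. The script below is an added example written for this page; it is not the scanner's code and not part of the skill. It runs over constructed stand-ins for the workflow JSON, SKILL.md and the helper script, the credential and chat-id values are placeholders, and the `declared_env` input stands in for whatever field the registry metadata actually uses for required env vars.

```python
"""Pre-run audit of an OpenClaw skill package for the red flags listed in the scan.

Added example; not the scanner's code and not part of the skill. The inputs
below are constructed stand-ins (placeholder credentials and chat id); the
'declared_env' field name is hypothetical.
"""
import re

SECRET_KEY = re.compile(r"(password|passwd|secret|token|api[_-]?key)", re.I)
ACCOUNT_KEY = re.compile(r"(email|user(name)?|login)", re.I)
FEISHU_CHAT_ID = re.compile(r"\boc_[0-9a-z]{8,}\b", re.I)  # shape taken from the docs' chat:oc_... example
ENV_NAME = re.compile(r"\b[A-Z][A-Z0-9]*_[A-Z0-9_]+\b")     # e.g. JOYARTI_EMAIL, FEISHU_TARGET
RAW_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}\b")
URL_SHORTENERS = ("bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd")
NPX = re.compile(r"\bnpx\b")


def walk_strings(node, key="", path="$"):
    """Yield (json_path, key, value) for every string leaf in a parsed JSON tree."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from walk_strings(v, k, f"{path}.{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk_strings(v, key, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, key, node


def audit_workflow(workflow):
    """Flag literal secrets, account identifiers, chat ids and risky URLs in a workflow JSON tree."""
    findings = []
    for path, key, value in walk_strings(workflow):
        if value.startswith("${"):          # env-var reference, not a literal: acceptable
            continue
        if SECRET_KEY.search(key) and value:
            findings.append((path, "literal secret value embedded in config"))
        if ACCOUNT_KEY.search(key) and "@" in value:
            findings.append((path, "literal account email embedded in config"))
        m = FEISHU_CHAT_ID.search(value)
        if m:
            findings.append((path, f"hard-coded Feishu chat id {m.group(0)}"))
        lowered = value.lower()
        if RAW_IP_URL.search(value) or any(s in lowered for s in URL_SHORTENERS):
            findings.append((path, "URL points to a raw IP or URL shortener"))
        if NPX.search(value):
            findings.append((path, "runtime npx invocation"))
    return findings


def undeclared_env_vars(skill_md, declared_env):
    """Env var names referenced in SKILL.md that the registry metadata does not declare."""
    referenced = set(ENV_NAME.findall(skill_md))
    return sorted(referenced - set(declared_env))


def audit_script(name, source):
    """Flag runtime package execution (npx) inside a bundled helper script."""
    return [(name, "runtime npx invocation")] if NPX.search(source) else []


def audit_skill(workflow, skill_md, declared_env, scripts):
    """Run every check; returns a list of (location, message) tuples."""
    findings = audit_workflow(workflow)
    findings += [("SKILL.md", f"requires undeclared env var {n}")
                 for n in undeclared_env_vars(skill_md, declared_env)]
    for name, source in scripts.items():
        findings += audit_script(name, source)
    return findings


# Constructed stand-ins for the skill's files (placeholder values, not the real workflow).
SAMPLE_WORKFLOW = {
    "config": {
        "email": "tester@example.com",
        "password": "PLACEHOLDER-NOT-A-REAL-SECRET",
        "image_url": "${JOYARTI_IMAGE_URL}",
    },
    "CRITICAL_RULES": ["Always post progress to chat:oc_0123456789abcdef"],
    "install": {"source": "http://203.0.113.10/agent.tgz"},
}
SAMPLE_SKILL_MD = "| Account email | JOYARTI_EMAIL | (no default) |\n| Push target | FEISHU_TARGET | (no default) |\n"
SAMPLE_DECLARED_ENV = []   # registry metadata declares no required env vars
SAMPLE_SCRIPTS = {"cdp_upload.py": 'subprocess.run("npx agent-browser daemon start", shell=True)'}

if __name__ == "__main__":
    for location, message in audit_skill(SAMPLE_WORKFLOW, SAMPLE_SKILL_MD, SAMPLE_DECLARED_ENV, SAMPLE_SCRIPTS):
        print(f"{location}: {message}")
```

Values of the form `${NAME}` are treated as references rather than literals, so a workflow that reads its credentials from the environment produces no credential finding; anything else under a secret-looking key is reported with its JSON path so the reviewer can go straight to the offending line.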
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest: v1.0.0 (2026/3/16)
3D Pet checkout automation test — initial version
- Implements the complete automated test of the 3D Pet purchase flow, including login, product selection, image upload, preview generation and checkout verification
- Supports Feishu group notifications, automatically pushing progress and results at each key step
- Centralizes configuration and environment variables so the test account and image are easy to customize
- Emphasizes rules for key operations such as button clicks, file upload and polling
- Automatically generates a standardized report when the test flow finishes
● Suspicious
Install command
Official: npx clawhub@latest install 3d-pet-checkout-test
Mirror (CN): npx clawhub@latest install 3d-pet-checkout-test --registry https://cn.clawhub-mirror.com
Skill documentation
Runs the complete 3D pet product checkout flow and verifies that the purchase path works.
Trigger conditions
- The user says "测试3D宠物" (test 3D pet), "测试下单" (test checkout), "3D Pet test" or "运行工作流" (run workflow)
- A scheduled cron job fires
- A manual test run
Key configuration
| Setting | Environment variable | Default |
|---|---|---|
| Website | - | https://joyarti.com |
| Account email | JOYARTI_EMAIL | (no default; must be set) |
| Account password | JOYARTI_PASSWORD | (no default; must be set) |
| Test image | JOYARTI_IMAGE_URL | (optional) |
| Push target | FEISHU_TARGET | (no default; must be configured) |
Environment variable setup
Set the environment variables before running (optional; defaults are used if unset):
export JOYARTI_EMAIL="your-email@example.com"
export JOYARTI_PASSWORD="your-password"
export JOYARTI_IMAGE_URL="https://example.com/image.jpg"
export FEISHU_TARGET="chat:oc_xxxxxxxxxxxxxxxxxx"
Execution steps
Step A: Login
- navigate to https://joyarti.com/account/login
- wait 2000ms
- evaluate: fill in the email and password and click Login
- wait 4000ms for the redirect
- evaluate: verify the login succeeded (URL contains /account)
Step B: Select the product
- evaluate: click the '3D Figure' navigation item
- wait 3000ms, verify the URL contains figmaker
- evaluate: click 'For Pets' (must target a BUTTON element)
- wait 3000ms
- evaluate: click the Create button for 'Minimal Style' (must target a BUTTON element)
- wait 3000ms, verify the URL contains style2 and a file upload input is present
Step C: Upload the image
- exec: download the image to /tmp/openclaw/uploads/pet_image.jpg
- exec: run the CDP upload script:
CDP_SCRIPT="${WORKSPACE}/cdp_upload.py" # or read it from the skill directory
python3 "$CDP_SCRIPT" /tmp/openclaw/uploads/pet_image.jpg joyarti
- Success output: OK: files=1
- Failure output: ERR: ...
- wait 3000ms
- evaluate: click the Create Preview button
Step D: Wait for generation
- Do not use a browser wait longer than 20s
- Poll with exec + curl, sleeping 30s between attempts:
sleep 30 && curl -s http://127.0.0.1:18800/json/list | python3 -c "
import json, sys
tabs = json.load(sys.stdin)
for t in tabs:
    if 'joyarti' in t.get('url', '') and 'projectId' in t.get('url', ''):
        print('DONE:', t['url'])
"
- If the output contains DONE:, generation is complete; extract the projectId
Step E: Verify checkout
- evaluate: click Buy Now
- wait 4000ms
- evaluate: verify the redirect to Shopify (URL contains myshopify.com or checkout)
- evaluate: read the key checkout fields (product, price)
- Verify: the product contains 'Pet'/'Figure' and the price contains '$89.99'
- Must log out and close the browser
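Step D above polls the local DevTools tab list from a shell one-liner and says to extract the projectId once a matching URL appears, but shows neither the extraction nor an upper bound on the wait. The following is an added example, not the skill's code: it reimplements that poll in Python with a maximum attempt count, refuses to query any endpoint that is not loopback (the docs use 127.0.0.1:18800), and assumes the projectId travels as a URL query parameter, which the page does not state. The sample tab list is constructed, not captured from a real session.

```python
"""Bounded poll of a local DevTools /json/list endpoint until a joyarti tab carries a projectId.

Added example, not part of the skill. Assumptions: the endpoint is the
127.0.0.1:18800 one named in the docs, and projectId is a query parameter
(the docs only say the URL 'contains projectId').
"""
import json
import time
import urllib.request
from urllib.parse import parse_qs, urlparse

DEVTOOLS_URL = "http://127.0.0.1:18800/json/list"   # from the skill docs
LOOPBACK_HOSTS = ("127.0.0.1", "localhost", "::1")


def find_project_id(tabs, site_keyword="joyarti"):
    """Return the projectId from the first tab whose URL matches the site and carries one, else None."""
    for tab in tabs:
        url = tab.get("url", "")
        if site_keyword not in url:
            continue
        params = parse_qs(urlparse(url).query)
        if "projectId" in params:
            return params["projectId"][0]
    return None


def fetch_tabs(endpoint=DEVTOOLS_URL, timeout=5):
    """GET the DevTools tab list; only a loopback endpoint is allowed (this is a local debug API)."""
    if urlparse(endpoint).hostname not in LOOPBACK_HOSTS:
        raise ValueError(f"refusing non-loopback DevTools endpoint: {endpoint}")
    with urllib.request.urlopen(endpoint, timeout=timeout) as resp:
        return json.load(resp)


def wait_for_project(fetch=fetch_tabs, attempts=20, interval=30, sleep=time.sleep):
    """Poll up to `attempts` times, sleeping `interval` seconds between polls; None on timeout."""
    for n in range(1, attempts + 1):
        try:
            project_id = find_project_id(fetch())
        except (OSError, ValueError, json.JSONDecodeError) as exc:
            project_id = None
            print(f"poll {n}: {exc}")
        if project_id:
            print(f"DONE: projectId={project_id}")
            return project_id
        sleep(interval)
    print(f"timed out after {attempts} polls")
    return None


# Constructed sample, shaped like a /json/list response (not captured from a real browser).
SAMPLE_TABS = [
    {"url": "https://joyarti.com/figmaker/style2", "title": "Create"},
    {"url": "https://joyarti.com/figmaker/preview?projectId=abc123", "title": "Preview"},
]

if __name__ == "__main__":
    # Against a live agent-browser this would be wait_for_project(); here we use the sample.
    print(find_project_id(SAMPLE_TABS))
```

The `fetch` and `sleep` parameters exist so the loop can be exercised without a browser; the default of 20 attempts at 30s matches the docs' polling cadence while capping the wait at ten minutes instead of polling forever.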
Message rules
Every Step must send a message to the Feishu group when it starts and when it completes:
message(action=send, channel=feishu, target=FEISHU_TARGET, message="...")
- Step start:
⏳ Step X: xxx starting...
- Step complete:
✅ Step X: xxx done — {key result}
- Step failed:
❌ Step X: xxx failed — {reason}
Final report template
🧪 3D Pet checkout test report
Time: {startTime}–{endTime} (about {duration} minutes)
Account: JOYARTI_EMAIL
A: Login - {result}
B: Select product - {result}
C: Upload image - {result}
D: 3D generation - {result}
E: Checkout verification - {result}
projectId: {projectId}
Product: {product}
Price: {price}
Verdict: {pass/fail}
Notes
- Clicks must target BUTTON: never click SPAN/DIV elements; restrict candidates with querySelectorAll('button')
- Upload via the CDP script: browser.upload() does not trigger React onChange
- Wait for generation via exec: do not use browser.act kind=wait timeMs>20000
- Must log out and close the browser: ensures the next test starts clean
- Never click Place order/Pay now: verify only, do not pay
Source: ClawHub · Chinese localization: 龙虾技能库