ClawHub

Test Specialist

v0.1.0

This skill should be used when writing test cases, fixing bugs, analyzing code for potential issues, or improving test coverage for JavaScript/TypeScript applications. Use this for unit tests, integration tests, end-to-end tests, debugging runtime errors, logic bugs, performance issues, security vulnerabilities, and systematic code analysis.

3· 2.4k·13 current·13 all-time
byVeera@veeramanikandanr48
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included artifacts: SKILL.md contains testing strategies and examples; scripts/analyze_coverage.py and scripts/find_untested_code.py implement legitimate local analysis helpers for coverage and untested files; index.js is a lightweight placeholder. No unrelated credentials, binaries, or platform-level access are requested.
Instruction Scope
SKILL.md stays within the testing/debugging domain. A few examples reference environment placeholders (e.g., TEST_DB_URL, process.env.SECRET) and show connecting to test DBs or seeding data — these are example/test patterns rather than instructions to exfiltrate secrets. The included Python scripts operate on local filesystem paths (coverage JSON, src directory). There are no instructions to read unrelated system config, network-upload data, or to contact unknown external endpoints. Recommendation: treat DB-connect examples as placeholders and avoid supplying production credentials when following examples.
Install Mechanism
No install specification or external download is present. The skill is instruction-first and ships only small, readable helper scripts and docs. There are no brew/npm/download-based install steps, no archive extraction, and no references to third-party installers or remote code fetches.
Credentials
The skill does not declare any required environment variables or credentials (requires.env empty). Examples in the docs reference TEST_DB_URL and show sanitized inputs that include ${process.env.SECRET} as a test case; these are illustrative and not a request for secrets. The helper scripts do not read environment variables. Users should avoid running scripts against production directories or with production secrets.
Persistence & Privilege
Skill flags are default (always: false, user-invocable: true). It does not attempt to modify agent/system-wide config, does not request persistent presence, and contains no code that writes to other skills' configurations. Autonomous invocation is allowed by platform default but the skill's files do not elevate privileges.
Assessment
This package appears coherent for its stated purpose. Before using: (1) Review the two Python scripts and SKILL.md to confirm you understand what directories they will read (they scan coverage files and the source tree). (2) Run these tools in a development or CI environment, not against production code or with production credentials — examples reference TEST_DB_URL and other placeholders. (3) The index.js is a placeholder (TODO); the real logic is in docs/scripts, so don’t assume network calls or secret access. (4) If you plan to run analyze_coverage.py or find_untested_code.py, inspect them locally (they only read files and print reports) and invoke them with explicit paths (e.g., coverage/coverage-final.json, src/) to avoid surprising scans of sensitive locations.

Like a lobster shell, security has layers — review code before you run it.

latestvk976vx4ay8xsh941wdp2d2pjx9809k3x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments