Back to skill
Skillv1.0.0
ClawScan security
Jest · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 5, 2026, 5:19 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This instruction-only Jest best-practices skill is internally consistent with its description and requests no credentials, installs, or unusual privileges.
- Guidance
- This skill is a documentation-only Jest best-practices guide and appears safe and coherent: it asks for nothing and installs nothing. Before installing, verify the source_url (https://github.com/anivar/jest-skill) and the license if you want provenance, and confirm the Jest baseline (v29/30) matches your project. Also be aware that the agent may invoke this skill autonomously when it detects Jest test code patterns; review any automated suggestions it generates before applying them to your codebase.
Review Dimensions
- Purpose & Capability
- okThe name/description (Jest guidance) matches the included rule files and references. There are no unrelated requirements (no cloud credentials, no unrelated binaries), so requested capabilities align with the stated purpose.
- Instruction Scope
- okSKILL.md and the referenced rule/reference files are documentation and coding guidance for Jest; they do not instruct the agent to read unrelated system files, access secrets, or transmit data externally. The activation triggers (jest imports, describe, test, etc.) are appropriate for a Jest-focused skill.
- Install Mechanism
- okNo install spec and no code files beyond documentation — the skill is instruction-only, which is the lowest-risk install mechanism. Nothing is downloaded or written to disk during install.
- Credentials
- okThe skill declares no required environment variables, no credentials, and no config paths. That is proportionate for a documentation/guide skill.
- Persistence & Privilege
- okalways is false, it does not request permanent presence or system configuration changes, and it does not modify other skills' configs. disable-model-invocation is false (normal), so the agent may call it autonomously — acceptable given the low sensitivity of the content.