Back to skill
Skillv1.0.1
ClawScan security
Zod Testing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 5, 2026, 4:25 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only testing guide for Zod schemas whose requested artifacts and instructions are consistent with its stated purpose and do not ask for credentials or perform installs themselves.
- Guidance
- This is an authoritative, instruction-only guide for writing Zod schema tests and appears internally consistent. Before you install or follow the examples, remember: (1) the guide recommends third-party dev-dependencies (zod-schema-faker, @anatine/zod-mock, fast-check) — review those packages and your lockfile before adding them to a project; (2) the snippets sometimes reference test-time database checks or handlers — ensure your tests use mocks or test databases so they don't hit production services; (3) because the skill is instruction-only, it won't run code by itself, but following its install commands will pull packages from npm/GitHub — vet those sources as you normally would. If you want extra assurance, check the referenced GitHub repo and the specific versions of suggested packages before adding them to CI or a codebase.
Review Dimensions
- Purpose & Capability
- okName/description focus on Zod schema testing and all declared content (Jest/Vitest patterns, mock generation, property tests) matches that purpose; no unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- okSKILL.md contains testing patterns and code snippets only. It instructs use of zod, zod-schema-faker, @anatine/zod-mock, fast-check, and test runners; it does not direct the agent to read arbitrary files, access environment secrets, or send data to external endpoints.
- Install Mechanism
- okNo install spec is present (instruction-only), so nothing will be automatically downloaded or written to disk by the skill itself. README examples show using npm/npx to add the skill or install dev-dependencies, which is expected for test tooling.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. Example code references hypothetical db mocks but does not require real DB credentials or service tokens.
- Persistence & Privilege
- okSkill is not always-enabled and is non-agentic; it does not request persistent privileges or modifications to other skills or system-wide settings.