Back to skill
Skillv0.1.0
ClawScan security
Tdd Helper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 17, 2026, 6:48 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill does what it says — it runs tests (pytest), optionally a linter, and then runs a user-provided command — and its requirements and files match that purpose.
- Guidance
- This skill is internally consistent with its purpose, but note that tdd.py will execute whatever shell commands it is given (tests, linter, and the --run command) using shell=True. Before installing or enabling autonomous invocation: (1) ensure pytest and any linters are trusted and present, (2) avoid passing untrusted inputs into --run/TEST_CMD/LINT_CMD to prevent command injection, (3) consider restricting which commands an agent may ask this skill to run or use sandboxing (containers, timeouts) when running untrusted code, and (4) be aware optional env vars (WARN_AS_ERROR, TEST_CMD, LINT_CMD) control behavior though they're not declared in the metadata.
Review Dimensions
- Purpose & Capability
- okName/description (TDD helper) align with the included tdd.py, README, and SKILL.md. Required binaries (python3, pytest) are appropriate for running tests and the script; no unrelated credentials or system paths are requested.
- Instruction Scope
- noteSKILL.md and tdd.py stay within the stated purpose (run tests, optionally lint, then run a target command). However, the script executes TEST_CMD, LINT_CMD and the provided --run command with shell=True, which will run arbitrary shell commands — expected for a wrapper but important to note because it executes whatever command the agent or user supplies.
- Install Mechanism
- okNo install spec; this is instruction-only with a small included script. Nothing is downloaded or written to disk by an installer step.
- Credentials
- noteThe skill requests no credentials and only optionally reads TEST_CMD, WARN_AS_ERROR, and LINT_CMD. Those env vars are reasonable for configurability, though they are not listed under requires.env in metadata (minor omission). No secrets are requested.
- Persistence & Privilege
- okalways is false and the skill does not request persistent/privileged presence or modify other skills. It can be invoked autonomously (platform default), which is expected for a developer helper but increases the risk if used by an agent without guardrails.