ClawHub

TDD Workflow

v0.1.0

Test-Driven Development for coding and bug fixing. cycle - Red→Green→Refactor cycle, defining expected behavior, bug-fix TDD, anti-patterns [cycle.md], run -...

0· 61·3 current·3 all-time
byes6kr@drumrobot
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, included documents (cycle.md, run.md, test-strategies.md), and declared dependencies align with a TDD guidance skill. It requests no env vars, binaries, or config paths. The only external declaration is depends-on: [skill-toolkit], which is plausible (tooling helpers) but should be reviewed separately.
Instruction Scope
SKILL.md and the included docs instruct the agent to read project files (package.json, pyproject.toml, .github/workflows), run shell commands (ls, grep, git diff, pnpm/test commands), and execute tests. Those steps are expected for a test-run workflow, but running a project's test suite can execute arbitrary code in that repository—so the instructions are coherent but carry the usual operational risk of executing untrusted test code.
Install Mechanism
No install spec and no code files beyond markdown; instruction-only skills do not place binaries on disk. This minimizes install-time risk.
Credentials
No environment variables, credentials, or sensitive config paths are requested. The guidance does mention checking for external services (DB, SSO, Redis) as part of environment detection, which is appropriate for determining test prerequisites but does not itself request secrets.
Persistence & Privilege
always is false and there is no indication the skill modifies other skills or system-wide settings. The skill can be invoked autonomously by the agent (platform default); this is normal but worth noting if you want to restrict autonomous test runs.
Assessment
This skill is a documentation-only TDD workflow and appears internally consistent. Before installing: (1) review the 'skill-toolkit' dependency—it may grant additional capabilities; (2) be aware that following the run instructions will read your repo files and may run test commands that execute code in that repository—do this only on trusted code or in an isolated environment; (3) the skill does not request secrets, but if you let an agent run tests in a repo that uses CI credentials or local service credentials, ensure those secrets are not exposed; (4) if you want to prevent automatic execution, disable autonomous invocation for the agent or require manual approval before running tests.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ar1qqjh71wrf0n1h58zc72n841pag

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments