ClawHub

Senior Qa

v1.0.0

Comprehensive QA and testing skill for quality assurance, test automation, and testing strategies for ReactJS, NextJS, NodeJS applications. Includes test sui...

0· 25·0 current·0 all-time
byEmerson Braun@emersonbraun
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims production-grade test generation, deep coverage analysis, automated fixes and E2E scaffolding across many stacks, but the three included Python scripts are lightweight scaffolds that only validate a target path and return empty 'findings'. The documentation and reference files are coherent with a QA tool, but the actual code does not implement the advanced features described (overstatement of capability).
Instruction Scope
SKILL.md instructs the agent/user to run the included scripts and consult packaged reference docs. The runtime instructions do not direct the agent to read unexpected system files or remote endpoints. The scripts only require a filesystem path to analyze and optionally write an output file; they do not access environment variables or network resources.
Install Mechanism
There is no install spec (instruction-only for runtime) and no external downloads or archive extraction. SKILL.md suggests common setup commands (npm install, pip install -r requirements.txt) but no requirements.txt or package manifests are included — this is a usability issue, not a security risk.
Credentials
The skill declares no required environment variables or credentials. The documentation suggests copying .env.example to .env, but neither the scripts nor the SKILL.md require secrets or other unrelated credentials. The scripts do not read environment variables.
Persistence & Privilege
The skill does not request permanent/always inclusion (always: false) and does not modify other skills or system-wide settings. It operates as a normal, user-invocable tool.
Assessment
This package appears safe from a security/coherence perspective, but it's important to note the code is largely a stub: it only validates a path and emits empty results while the docs promise advanced analysis and automated fixes. Before using: (1) review the three Python scripts locally to confirm behavior, (2) run them in a sandbox or on non-sensitive test repositories (don't point them at production directories containing secrets), (3) don't rely on the tool for critical QA decisions until the analysis logic is implemented or audited, (4) check for a requirements.txt or other dependencies before running pip/npm commands, and (5) if you need the promised advanced features, either request the author for a full implementation or use a well-maintained QA tool with an established audit trail.

Like a lobster shell, security has layers — review code before you run it.

latestvk97561qrn2wvjtjnyjx9c9czj984cgkf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments