gen-test
PassAudited by ClawScan on May 11, 2026.
Overview
This instruction-only testing skill is coherent and purpose-aligned, but it can install coverage tools, run project test code, and edit test/build files after user confirmation.
Before using this skill, work on a branch, approve package installs explicitly, run it only on trusted repositories or in a sandbox, and review generated tests/build configuration before committing.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Approving these steps can add new packages or build plugins to the project or user environment.
The skill may install public-registry testing/coverage dependencies. This is purpose-aligned and requires confirmation, but it still changes the dependency supply chain.
自动安装缺失的覆盖率工具 ... `pip install pytest-cov` ... `npm install -D @vitest/coverage-v8` ... 安装前使用 AskQuestion 确认
Review the proposed package names and versions before approving, prefer pinned versions/lockfiles, and run installs in a clean branch or isolated environment.
If the target repository is untrusted, running tests or npx/pip/cargo tooling could execute code you did not author.
The documented coverage workflow runs project tests and local tooling, which can execute code from the target repository. This is central to the skill's purpose.
`go test -coverprofile=coverage.out ./...` ... `pytest --cov=src` ... `npx jest --coverage`
Use the skill only on trusted projects, or run it in a sandbox/container with a clean working tree.
Generated Makefile/build changes can change how tests and coverage run for the whole project.
The skill can add build/test targets and coverage configuration that may affect CI or teammates if committed. The behavior is disclosed and scoped.
如果项目使用 Makefile,在 Phase 4 末尾生成以下 targets(跳过已存在的同名 target)
Review all generated diffs before committing, especially CI/build configuration and package manifest changes.