Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

junit-test-generator

v1.0.1

Generates JUnit 5 test classes from JSON test case files. Invoke when user wants to generate Spring Boot JUnit 5 tests from JSON test cases.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description, SKILL.md, and the three Python modules are all focused on parsing JSON test-case files and generating JUnit 5 Java test classes. The code generates JdbcTemplate calls (as part of setup/teardown in generated Java) which aligns with the SKILL.md claim of executing SQL during tests — the Python generator itself does not execute SQL or access DB credentials.
Instruction Scope
Runtime instructions tell the agent to parse a JSON file and generate Java files (via run_generator.py or the Python API). They do not instruct reading arbitrary host files, contacting external endpoints, or accessing environment variables. The only notable behavior is embedding setup/teardown SQL from the input JSON into generated test code (intended for later execution when running the tests).
Install Mechanism
There is no install specification or remote download; the skill is provided as local Python scripts and a SKILL.md. Nothing is written or fetched at install time beyond the included files.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The code relies solely on input JSON and writes output files to a user-specified directory — this is proportionate to the described function.
Persistence & Privilege
always is false and the skill does not modify other skills or global agent config. It only writes generated Java files to the output directory when invoked, which is expected behavior for a generator.
Assessment
The skill is coherent with its purpose, but you should still review inputs and outputs before running tests. Important points:
1) The generator embeds any SQL statements found in the JSON into the generated Java tests; those SQL statements will run if you execute the tests (mvn test), so do not run generated tests against production databases — use an isolated test DB.
2) Inspect the generated Java files for unexpected SQL or requests before executing.
3) Treat the JSON test-case files as untrusted input: malicious or accidental SQL in them will be propagated into test code.
4) Because the skill runs locally and requests no credentials, running the generator is low-risk, but executing the resulting tests may have side effects on systems the tests target.


latest: vk979v4c4g5kj657x552r1caw9x83k2fe
