ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

A/B Testing Tool Skill

v1.0.0

Design, run, and analyze A/B tests to compare content variants, measure performance, and make data-driven optimization decisions.

0· 28·0 current·0 all-time
bybittao@hgta23
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (A/B testing) aligns with the included CLI implementation: create tests, set metrics, start, add data, analyze. Behavior and data model in index.js match SKILL.md. One small mismatch: SKILL metadata lists no required binaries, but the tool is a Node.js script and depends on Node and npm-installed packages.
Instruction Scope
SKILL.md instructs using the local 'ab' CLI and describes steps that map directly to the commands implemented in index.js. The runtime instructions do not ask the agent to read unrelated files, access credentials, or transmit data externally.
Install Mechanism
There is no install spec (instruction-only), but code and package.json are included. The package.json lists dependencies (commander, chalk, fs-extra) which must be installed (e.g., npm install) and the runtime requires Node. The lack of an install step or declared Node requirement is a minor inconsistency to be aware of but not an active risk.
Credentials
The skill declares no environment variables or credentials and the code does not read env vars or external config. No sensitive-scoped variables are requested, which is proportionate to an offline testing CLI.
Persistence & Privilege
The script creates and writes JSON files under its own tests directory (path: __dirname/tests). This is reasonable for local test state, but users should know it writes files to the skill's directory. always is false and the skill does not modify other skills or system-wide settings.
Assessment
This skill appears to be a simple, local CLI for managing A/B tests and is internally consistent. Before installing or running it: 1) ensure you have Node.js available (the package.json lists dependencies) and run npm install in the skill folder or confirm the platform will install deps; 2) inspect the included index.js yourself (it writes JSON files to a tests/ subdirectory inside the skill folder) and run it in a sandbox if you are unsure; 3) note the source/owner and homepage are unknown — if you require provenance, request a published source or repo; 4) because it writes files locally, back up any important directories you might point it at. There are no signs of credential exfiltration or external network calls in the provided code.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ajkqjfbvq01jt7t34a35j9584feat

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments