Skill v2.0.0

ClawScan security

Test Driven Development · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 8, 2026, 2:30 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is coherent TDD guidance, but its runtime instructions include examples that would send the working tree (code and tests) to an external LLM CLI (claude) which could leak sensitive data if executed by an agent.
Guidance
This skill is primarily a TDD playbook and appears internally consistent, but pay attention to the example workflow that calls an external LLM CLI (claude) with prompts to "review all changes in the working tree." If an agent executes those steps automatically, it could send your source code, tests, or secrets to an external service. Before installing or using this skill:
1) Confirm whether your agent will actually execute the example CLI calls; if so, disable or rewrite them to avoid sending full repo contents (send minimal diffs or sanitized snippets instead).
2) Remove or adapt the 'claude' examples to use an approved internal tool or an audited endpoint, and avoid sending secrets or entire working trees.
3) Review the prompts the skill suggests and redact sensitive data before any outbound call.
4) If you need automated cleanup/review, prefer local tools or a self-hosted LLM with strict data controls.
If you want, I can suggest safer replacements for the external-LLM examples (e.g., run a local linter/test-runner and post only diffs to a review service).

Review Dimensions

Purpose & Capability
ok
Name, description, and included files are consistent: this is an instruction-only Test-Driven Development guide (red-green-refactor, de-sloppify, refactoring, mocking, tests). There are no unrelated required binaries, env vars, or installs.
Instruction Scope
concern
SKILL.md contains explicit bash examples that invoke an external LLM CLI (e.g., `claude -p "Review all changes in the working tree..."`) and a loop that suggests sending repo changes to that LLM. If an automated agent follows those instructions, it could transmit the repository/working tree (potentially including secrets) to an external service. The guidance also instructs running builds/tests and committing — those are reasonable for TDD but combined with the external-LLM examples create a plausible exfiltration vector. The SKILL.md also contains illustrative examples referencing environment-based secrets (process.env.STRIPE_KEY) in mocking.md; those are examples, not declared requirements, but they highlight where secrets could be referenced.
Install Mechanism
ok
No install spec or code files beyond documentation. Instruction-only skills have low installation risk because nothing is downloaded or written by an installer.
Credentials
note
The skill declares no required environment variables or credentials (none needed for the documented guidance). Some example snippets reference environment variables (e.g., STRIPE_KEY) as illustrative testability guidance, but the skill does not require access to them. Still, following examples naively could cause an agent to read or use such secrets.
Persistence & Privilege
ok
always is false and the skill is user-invocable with normal autonomous invocation allowed. The skill does not request persistent system presence or modify other skills/config; no privilege escalation indicators in the metadata.