ClawHub

test-driven-development

v1.0.0

Unified TDD skill with three input modes — from spec, from task, or from description. Enforces test-first development using repository patterns, with proptes...

1· 563·2 current·2 all-time
by@imbeasting
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description describe a Rust-oriented TDD workflow (RED/GREEN/REFACTOR) which matches the instructions, but the SKILL.md assumes cargo, ripgrep (rg), cargo-tarpaulin, and a 'ralph' tool/library; none of those are declared in the skill metadata. The omission of these required tools is disproportionate to the stated lightweight metadata.
!
Instruction Scope
Instructions direct the agent to read repository files, run 'cargo test --no-run', run coverage (cargo tarpaulin), run ripgrep, and call 'ralph emit'. Running tests and coverage can execute repository code; 'ralph emit' likely posts completion events externally. The instructions do not document where/events are sent or require explicit authorization, so they may transmit repository-derived data without explicit disclosure.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no installer download or archive execution risk.
!
Credentials
No environment variables, binaries, or config paths are declared, yet the guidance relies on multiple external tools and an integration (ralph) that may need credentials or config. The skill should declare required binaries and any credentials/config needed for 'ralph' or CI integration.
Persistence & Privilege
The skill is not always-enabled and does not request persistent or cross-skill configuration changes; it does not require elevated platform privileges per the provided metadata.
What to consider before installing
This skill appears to be a useful Rust TDD helper, but it assumes tools and an external event emitter without declaring them. Before installing or running: (1) verify you have a safe, isolated environment (sandbox or CI worker) because 'cargo test' and coverage can execute repository code; (2) confirm the presence and versions of required tools (cargo, ripgrep, cargo-tarpaulin, and the 'ralph' CLI/library) and ask the author to list them in metadata; (3) ask what 'ralph emit' does and where completion events are sent — treat it as a potential data exfiltration vector until proven otherwise; (4) run on trusted repositories first or review tests for malicious setup/teardown logic; and (5) prefer installing the skill only after the author updates requirements and documents external integrations.

Like a lobster shell, security has layers — review code before you run it.

latestvk975qath4v323dbehj2t146qgh82d0fq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments