test-driven-development
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only TDD skill appears coherent and benign, but users should expect it to edit repository files, run developer commands, and optionally emit build status events.
This skill is safe to consider for normal development use, but install it only if you are comfortable with the agent editing your repository, running Rust test/coverage commands, and emitting brief build-status events through your configured tooling.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may change files in the repository and run test or coverage commands that take time or affect local build artifacts.
The skill directs the agent to modify repository tests and implementation code and run local developer commands as part of the TDD workflow.
"Write failing tests for all requirements before any implementation ... Write the minimum code to make tests pass ... Run tests to confirm failure"
Use it only in repositories where you want TDD changes, and review diffs and command outputs before committing.
Build status or coverage metadata could be shared through the configured event channel, though the example does not request secrets or private source content.
The skill includes a disclosed completion-event emission step that may send build and coverage status to whatever local Ralph event integration is configured.
ralph emit "build.done" "tests: pass, lint: pass, typecheck: pass, audit: pass, coverage: pass (82%)"
Confirm the Ralph event destination is acceptable and avoid including sensitive details in emitted completion messages.
