Back to skill
Skillv1.0.0
ClawScan security
test-driven-development · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 6, 2026, 6:55 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions are coherent for a Rust-focused TDD workflow but the metadata omits several implied tools and an external 'ralph' emit step that could transmit data; that mismatch and the need to run untrusted tests raise concern.
- Guidance
- This skill appears to be a useful Rust TDD helper, but it assumes tools and an external event emitter without declaring them. Before installing or running: (1) verify you have a safe, isolated environment (sandbox or CI worker) because 'cargo test' and coverage can execute repository code; (2) confirm the presence and versions of required tools (cargo, ripgrep, cargo-tarpaulin, and the 'ralph' CLI/library) and ask the author to list them in metadata; (3) ask what 'ralph emit' does and where completion events are sent — treat it as a potential data exfiltration vector until proven otherwise; (4) run on trusted repositories first or review tests for malicious setup/teardown logic; and (5) prefer installing the skill only after the author updates requirements and documents external integrations.
Review Dimensions
- Purpose & Capability
- concernThe name/description describe a Rust-oriented TDD workflow (RED/GREEN/REFACTOR) which matches the instructions, but the SKILL.md assumes cargo, ripgrep (rg), cargo-tarpaulin, and a 'ralph' tool/library; none of those are declared in the skill metadata. The omission of these required tools is disproportionate to the stated lightweight metadata.
- Instruction Scope
- concernInstructions direct the agent to read repository files, run 'cargo test --no-run', run coverage (cargo tarpaulin), run ripgrep, and call 'ralph emit'. Running tests and coverage can execute repository code; 'ralph emit' likely posts completion events externally. The instructions do not document where/events are sent or require explicit authorization, so they may transmit repository-derived data without explicit disclosure.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files, so there is no installer download or archive execution risk.
- Credentials
- concernNo environment variables, binaries, or config paths are declared, yet the guidance relies on multiple external tools and an integration (ralph) that may need credentials or config. The skill should declare required binaries and any credentials/config needed for 'ralph' or CI integration.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request persistent or cross-skill configuration changes; it does not require elevated platform privileges per the provided metadata.