ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Generate Tests

v1.0.0

Creates comprehensive test suites for Move contracts with 100% coverage requirement. Triggers on: 'generate tests', 'create tests', 'write test suite', 'test...

0· 97·0 current·0 all-time
by@iskysun96
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (generate tests for Move contracts) match the SKILL.md content: the document contains Move test module templates and many example test cases. The templates reference Aptos/Move constructs (aptos_framework, signer, object) which are expected for this purpose. However, the metadata 'priority: critical' and the strong directive 'NEVER deploy without 100% test coverage' are prescriptive rather than technical capabilities.
!
Instruction Scope
The SKILL.md provides many concrete test templates but does not instruct how to: (a) obtain or inspect the user's Move contract source code, (b) run the tests (no mention of move/aptos CLI or test runners), or (c) measure/verify coverage. The skill asserts a 100% coverage requirement but gives no mechanism, tooling, or commands to calculate or enforce coverage—this is a mismatch between claimed capability and provided instructions. The instructions do not request secrets or external endpoints, and they do not explicitly tell the agent to read arbitrary system files, but they are vague about how the agent should gather context from the user's code to produce the promised tests.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is written to disk by an installer—this is the lowest install risk.
Credentials
The skill requires no environment variables, no credentials, and no config paths. There are no requests for unrelated secrets or system credentials in SKILL.md.
Persistence & Privilege
always is false and the skill does not request any persistent special privileges or modify other skills' configurations. Autonomous invocation is allowed (platform default) but not combined with other red flags here.
What to consider before installing
This skill contains useful Move test templates and is instruction-only (no binaries, no credentials). However: (1) it claims a 100% coverage requirement but provides no tooling or steps to run tests or measure coverage—do not assume the skill will produce measurable 100% coverage automatically; (2) the source is unknown (metadata lists 'aptos-labs' as author in the file but the package origin is not verified)—treat that as possible impersonation and verify before trusting; (3) when using the skill, supply your contract source only through the agent if you trust it, and review every generated test before running, especially to ensure no sensitive keys/addresses are embedded; (4) run tests and coverage measurement locally with your known Move/Aptos toolchain (move/aptos CLI or trusted coverage tools) rather than relying on the skill to enforce coverage; and (5) avoid auto-deploying based on the skill's assertion—manually validate test results and coverage with your CI/tooling.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cd8m7hsgh6fmqqbck1jcj65834zr9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments