Casely
v0.1.0Intelligent QA assistant that automates writing test cases from project documentation. Use when the user wants to generate test cases from requirements, runs...
⭐ 0· 252·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description align with included scripts (a parser and an exporter) that convert documents to Markdown and XLSX test-case exports. However, the SKILL.md asks the operator to run 'uv' and to manage dependencies at the repository root (pyproject.toml), while the skill metadata declares no required binaries or install steps — that mismatch is unexpected. A legitimate implementation would normally declare required runtime binaries (e.g., python) or include an install spec if it needs to install heavy libraries like docling/torch.
Instruction Scope
Runtime instructions direct the agent/user to modify and depend on the repository root (check/create pyproject.toml, run 'uv init', 'uv add', 'uv sync'), create projects/ directories, and auto-detect the latest project by scanning projects/. That expands the skill's scope beyond its own folder and assumes permission to install/manage dependencies at repo root. The instructions also mandate copying all columns from example files verbatim into a persistent style file, which is business-logic but must be understood by users before automated runs. No instructions attempt to read unrelated secrets, but the repo-root dependency requirement and global install actions are scope creep relative to a small, self-contained skill.
Install Mechanism
There is no install spec in the registry entry (instruction-only), but the code requires third-party Python packages (docling, openpyxl). The SKILL.md tells the user to run 'uv add docling openpyxl' or 'uv sync' at the repository root to install dependencies. Relying on an out-of-band dependency manager (uv) without declaring it is risky: 'uv' is not a standard, universally-available tool and could change behavior. No remote download URLs or obscure hosts are used in the skill files themselves, and the included Python scripts are readable and contain no network exfiltration logic.
Credentials
The skill does not request environment variables, credentials, or config paths. Its filesystem access is limited to creating and reading project subdirectories (projects/, processed/, results/, exports/) and the repository root pyproject.toml. Those filesystem operations are consistent with a document-processing exporter, though users should note the expectation of reading/writing under the repository root.
Persistence & Privilege
The skill is not marked always:true and does not attempt to modify other skills or system-wide agent settings. It will create files in project folders and a persistent test_style_guide.md per project, which is expected for its functionality.
What to consider before installing
This skill appears to implement the described parser/exporter, but there are operational mismatches you should resolve before running: 1) The registry metadata lists no required binaries, yet the SKILL.md requires 'python' and a dependency manager called 'uv' and instructs installing docling/openpyxl at the repository root. Verify you have (or are willing to install) 'uv' and Python and understand what 'uv add' or 'uv sync' will change in your repo (pyproject.toml). 2) Because docling may pull heavy dependencies (e.g., torch or model downloads), run installs in an isolated virtual environment or sandbox to avoid impacting other projects. 3) Inspect scripts/scripts for any unwanted behavior (they are readable and do not show network calls), and confirm you are comfortable with the skill reading/writing under projects/ and creating test_style_guide.md files. 4) Ask the author for an explicit install spec (or provide one yourself) and clarification on 'uv' usage; require that dependency installs be done in a dedicated virtual environment. If you cannot verify those items, treat the skill as potentially risky and test it in an isolated environment first.Like a lobster shell, security has layers — review code before you run it.
latestvk970khd18ap93hen5ka8fdc20x8239kw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.