SDET Automation
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a coherent roadmap-generation API description with no code, install steps, credentials, or destructive capabilities, but it does asks users to submit career assessment and tracking identifiers.
This appears safe to use for its stated purpose, but treat it like any external career-planning API: share only the skills, goals, and experience details you are comfortable sending to the provider, and avoid confidential workplace information.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Information about a user's skills, career goals, session identifier, and optional user ID may be sent to the roadmap service.
The OpenAPI artifact shows that roadmap generation is performed by submitting a structured request to an API endpoint, so user assessment data is shared with the service.
"/api/sdet/roadmap": { "post": { "summary": "Generate Roadmap" ... "requestBody": ... "$ref": "#/components/schemas/RoadmapRequest"Only submit information needed for the roadmap and avoid including confidential employer, project, or personal details unless you trust the service.
The service may associate roadmap requests with session IDs and timestamps to track progress over time.
The skill describes tracking sessions and timestamps for progress analytics, which is purpose-aligned but indicates user activity may be associated across roadmap sessions.
session tracking for progress monitoring, and timestamp-based analytics for career milestone tracking
Use non-sensitive session identifiers where possible and review any available privacy or retention information from the service provider.