Back to skill
Skillv0.1.0
ClawScan security
Clean Pytest · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 21, 2026, 2:37 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only pytest guidance skill whose requested resources and instructions align with its stated purpose; nothing in the SKILL.md asks for unrelated credentials, installs, or system-wide access.
- Guidance
- This skill is instruction-only and appears coherent for teaching and generating pytest patterns. Before using: ensure you have python3/pytest locally if you run examples; review any examples that import your app (e.g., myapp.services.user_service) so tests don't accidentally run against production resources; confirm the skill author/owner if provenance matters (registry metadata lacked a homepage while SKILL.md references a GitHub URL). There are no environment variables or install steps requested by the skill itself, so risks are limited to normal care when running test code against your codebase (avoid embedding secrets in tests or running tests that interact with live services).
Review Dimensions
- Purpose & Capability
- okThe name/description (clean pytest patterns, fakes, fixtures, contract tests) matches the content of SKILL.md. The examples and fixtures are appropriate for writing tests and reference typical application imports (e.g., myapp.services.user_service).
- Instruction Scope
- okThe runtime instructions are prose and code snippets for writing tests; they don't instruct the agent to read arbitrary system files, call external endpoints, or exfiltrate data. They only reference application-level imports and creating in-memory fakes/fixtures, which is expected for a test-patterns skill.
- Install Mechanism
- okThere is no install spec and no code files to be written or executed by the platform — instruction-only skills are low-risk. No downloads or package installs are specified.
- Credentials
- okThe skill declares no env vars or credentials. SKILL.md lists python3 under required bins in its front matter, which is proportionate for a pytest-oriented skill.
- Persistence & Privilege
- okThe skill is not marked always:true and requests no persistence or cross-skill config changes. Autonomous invocation is allowed (platform default) but presents no extra risk given the skill's limited scope.