test-automator
AdvisoryAudited by Static analysis on May 7, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could make project or pipeline changes that alter test execution or CI behavior.
The skill may direct the agent to create or modify test automation assets and CI/CD pipeline configuration. This is aligned with the skill purpose, but such changes can affect builds and deployments.
Implement robust test automation solutions ... CI/CD integration: - Pipeline configuration - Test execution - Parallel execution - Result reporting
Use version control, review diffs, and require explicit approval before applying CI/CD or deployment-affecting changes.
Private project architecture or testing information may be brought into the agent's working context.
The skill expects the agent to retrieve project context. That is purpose-aligned for test automation, but architecture and testing context can contain private project details.
Query context manager for application architecture and testing requirements
Limit shared context to what is needed for the task and avoid including secrets, production credentials, or sensitive test data.
Users could be given inaccurate test coverage, execution-time, or success-rate claims if the example is not adapted to real results.
The completion message contains specific success metrics. If repeated verbatim without measurement, it could mislead users about actual work completed.
Delivery notification: "Test automation completed. Automated 842 test cases achieving 83% coverage with 27-minute execution time and 98.5% success rate."
Treat the message as a template only; require the agent to report actual measured metrics or clearly state when metrics are estimates.