Security Testing Strategy
v1.0.0
Select and implement a layered security testing strategy for a codebase: design unit tests for security properties (boundary conditions, negative inputs, acc...
by Hung Quoc To (@quochungto)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the SKILL.md content: it focuses on unit/integration tests, sanitizers, fuzzing, and static analysis. It does not request unrelated credentials, binaries, or config paths.
Instruction Scope
Instructions are scoped to analyzing a repository or architecture description (grep/Read), mapping review findings to testing gaps, and producing a strategy document. The skill expects access to source files but does not instruct the agent to read unrelated system files, environment secrets, or exfiltrate data.
Install Mechanism
There is no install spec and no code files—this is instruction-only, which is the lowest-risk install profile (nothing is written to disk by the skill itself).
Credentials
The skill declares no required environment variables, credentials, or config paths. Required tools (Read, Grep; optional Bash, Write) are appropriate for analyzing a codebase and producing documentation.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
Assessment
This skill is a text-based plan generator and appears coherent with its stated purpose. Before you run it: (1) remember it will ask the agent to read your repository files—do not point it at production data or secrets; (2) review any concrete shell commands or CI changes the skill suggests before executing them; (3) integrating sanitizers and continuous fuzzing can have significant CI resource and exposure implications (e.g., OSS-Fuzz requires public/open-source participation), so validate organizational policies first; and (4) although no code is installed by the skill, only use it if you trust the author/source since the agent will be given repository access to analyze and produce recommendations.
Runtime requirements
📚 Clawdis
