ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Server Test Converter

v1.0.1

将服务器测试命令 txt 文件转换为 pytest 测试用例。每个 txt 文件对应生成一个独立的 pytest 文件,命令合并到一个函数中执行。包含通用框架 test_framework.py,适配各种测试环境。

0· 150·0 current·0 all-time
by@liuyun2025
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the script reads txt files, parses commands, groups them by executor type, and emits pytest files and a reference test_framework. No unrelated binaries, services, or credentials are required.
Instruction Scope
SKILL.md and the script tightly bound to local paths under /home/admin/.openclaw and instruct the user to implement send_a_cmd() (SSH/subprocess/other). That is within scope, but the docs show examples with hard-coded credentials and the generated tests will contain the original command text verbatim — review inputs for sensitive data before generating or sharing outputs.
Install Mechanism
No install spec; this is instruction-only plus a Python script. Nothing is downloaded or written outside the declared output directory by the script itself.
Credentials
The skill declares no required environment variables or credentials. The examples in SKILL.md mention using paramiko or subprocess, but those are implementation suggestions the user must provide and do not create hidden credential requests.
Persistence & Privilege
always is false and the skill does not request persistent/autonomous privileges or modify other skills or global config.
Assessment
This skill appears to do what it says, but take these precautions before installing/using it: 1) Inspect your txt input files for sensitive data (passwords, tokens, IPs) because the generated pytest files will contain the command strings in cleartext. 2) Review and control the test_framework.py you use — the converter assumes you will implement send_a_cmd(); avoid hard-coding credentials in that implementation and prefer SSH keys or a secure credential store. 3) Run the converter and the produced tests in an isolated environment (non-production) until you verify behavior. 4) Verify output paths and permissions (the script writes to /home/admin/.openclaw/tytest). 5) If you need the tool to operate on a different path, update INPUT_DIR/OUTPUT_DIR in the script before running.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ep3qe1xx8d4yystg2zfq8q1835k4b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments