Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Test Master (Fixed Version)

v1.0.0

Use when writing tests, creating test strategies, or building automation frameworks. Invoke for unit tests, integration tests, E2E, coverage analysis, perfor...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
[!] Purpose & Capability
The SKILL.md describes a comprehensive test framework (CLI commands like `test-master run unit`) but the package contains no code files, no install spec, and no required-binaries entry. That makes it unclear how the claimed functionality would actually be available to the agent.
[!] Instruction Scope
Runtime instructions are limited to invoking a `test-master` CLI and high-level descriptions. They do not instruct the agent to read unrelated files or env vars, but they are vague about how the CLI is provided or what exact commands/flags are supported — granting the agent ambiguous discretion.
[!] Install Mechanism
There is no install specification (instruction-only). For a skill that promises a CLI and multi-language testing support, the absence of any install mechanism or links to where the tool is obtained is disproportionate and inconsistent.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is proportionate to the (limited) instructions provided.
Persistence & Privilege
`always` is false and the skill does not request any elevated persistence. Autonomous invocation is permitted (platform default) but does not combine with other red flags here.
What to consider before installing
Do not install yet. Ask the publisher for: (1) the install steps or a download link for the `test-master` CLI, (2) the exact binaries/versions the skill expects, and (3) a README or source repository to verify code. If the author cannot provide a verifiable install/source, treat this as incomplete/misleading. Prefer skills that explicitly declare an install spec or required binaries and that point to a trusted repository (GitHub, official project site). If you test it, run it in a sandboxed environment and monitor network/file access.

Like a lobster shell, security has layers — review code before you run it.

Tags: automation, coverage, e2e, framework, integration, latest, performance, qa, quality, regression, security, test, testing, unit
