Tester Workflow
v1.0.1Complete testing workflow from requirements analysis to test case generation and review - triggers on "完整测试流程", "testing workflow", "测试工作流", "端到端测试", "全流程测试"...
⭐ 0· 27·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (end-to-end testing workflow) align with the contents: SKILL.md plus four included sub-skills for requirements analysis, design understanding, test-case generation, and review. No unrelated env vars, binaries, or config paths are requested.
Instruction Scope
Runtime instructions are purely procedural and document-heavy (generate reports, CSVs, checklists). They ask the agent to require user-provided documents and to produce files (mentions using a 'Write tool' to generate real CSVs). This is within scope, but the SKILL.md enforces strict, prescriptive behavior (refuse 'quick' requests) which grants the skill strong operational rules. Also a regex pre-scan flagged unicode-control-chars in SKILL.md — this could hide content; review raw files if concerned.
Install Mechanism
No install spec and no code files to execute. Instruction-only skills pose minimal installation risk because nothing will be downloaded or written by an installer step.
Credentials
Skill declares no required environment variables, no credentials, and no config paths. All required inputs are user-provided documents (requirements, design, test cases), which is proportional to the stated purpose.
Persistence & Privilege
Flags show default privileges (always: false, model invocation enabled). The skill does not request permanent agent presence or special privileges, and does not attempt to modify other skills or agent-wide config in the provided files.
Scan Findings in Context
[unicode-control-chars] unexpected: A pre-scan detected Unicode control characters in SKILL.md. The visible SKILL.md appears benign, but hidden control characters can be used to obfuscate content or influence prompt parsing. It's not expected for a plain documentation skill; recommend inspecting the raw file bytes for hidden control characters before installing.
Assessment
This is an instruction-only skill that bundles documentation and templates for a complete testing workflow; it does not ask for credentials or install code, which makes it internally coherent. Before installing: 1) review the raw SKILL.md (and any omitted files) for hidden characters or unexpected instructions because the scanner flagged unicode control characters; 2) verify included example/template files do not contain customer-sensitive data; 3) confirm how your platform's 'Write' tool works (what path the CSVs are written to and whether files are accessible externally); 4) if you will let the agent operate autonomously, be aware the skill enforces strict refusal language (it will insist on full workflows rather than shortcuts) — that is a design choice, not a security issue. If you want extra assurance, run the skill in a sandboxed agent session first and check generated outputs and any side-effects.Like a lobster shell, security has layers — review code before you run it.
latestvk978gph90rykqcasymj8bxb9a184rryf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.