Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

XMind Test Case Generator

v1.1.0

Generates test cases in XMind format from requirement documents. Use when the user asks to "write test cases", "generate cases", or "write XMind cases".

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wxl1779766474/xmind-testcase-generator.

Install the skill "XMind Test Case Generator" (wxl1779766474/xmind-testcase-generator) from ClawHub.
Skill page: https://clawhub.ai/wxl1779766474/xmind-testcase-generator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install xmind-testcase-generator

ClawHub CLI

npx clawhub@latest install xmind-testcase-generator

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description, SKILL.md, reference.md and scripts/gen_xmind.py are consistent: the skill generates .xmind files from requirement docs and code analysis. Including a Python script that uses only stdlib to write a .xmind is proportionate to the stated purpose. However, SKILL.md explicitly refers to fetching Feishu documents (feishu_fetch-doc) and deep reading of code repositories, but the skill metadata does not declare any required credentials, tools, or config paths for Feishu or for repository access — an inconsistency between what the skill says it will do and what it declares it needs.
! Instruction Scope
Runtime instructions require: re-pulling the full requirement document (if a Feishu link is provided), reading local files, and performing 'code deep analysis' including extracting client request URLs and reading service handlers. That means the agent (or the user running the script) will need to access potentially large/sensitive documents and codebases. The SKILL.md also mandates outputting a list of code file locations involved in the requirement. While these steps are relevant to generating thorough test cases, they expand the skill's operational scope into reading arbitrary user files and possibly organization docs — this should be explicit and limited by the user.
Install Mechanism
No install spec; the included script uses only Python standard libraries (json, zipfile, os, uuid, sys) and writes a .xmind ZIP to ~/Desktop/工作/. Instruction-only + small script is low-risk from an installation/execution perspective. The script does not download remote code or execute subprocesses.
! Credentials
The skill declares no required environment variables or credentials, but SKILL.md references fetching Feishu documents (feishu_fetch-doc) and reading code repositories. If the agent or operator needs to fetch Feishu docs automatically, Feishu API credentials or an agent tool with Feishu access are needed — these are not listed in requires.env. There is therefore a missing/undeclared requirement: either the skill expects the platform to provide a feishu_fetch-doc tool or the user to supply tokens, but this is not documented, which is disproportionate and could lead to accidental exposure if the user attempts to grant broad access to enable the skill.
Persistence & Privilege
The skill does not ask for always:true and does not declare modifications to system-wide settings. It runs as an instruction/script and writes output to the user's Desktop path (~/Desktop/工作/). That write location is explicit in the script (generate_xmind) but is limited to the user's home directory; no persistent agent-wide privileges are requested.
What to consider before installing
What to consider before installing or running this skill:
  • Clarify Feishu access: SKILL.md expects to fetch full Feishu documents (feishu_fetch-doc) but the skill metadata does not declare Feishu credentials or how that fetch is performed. Ask the author whether the skill relies on a platform tool with Feishu access or whether you must supply a Feishu API token. Do not grant broad org-wide tokens until you verify the implementation.
  • Be cautious about granting the agent access to code repositories or local directories. The workflow explicitly requires deep reading of client/server code and extracting endpoints and handler locations — this is normal for thorough test-case generation, but it means the agent may read potentially sensitive source files. Prefer running the included script locally yourself against a curated subset of files instead of giving the skill autonomous file-system or repo access.
  • Review the included script before use. The provided scripts/gen_xmind.py is short, uses only Python stdlib, creates a .xmind ZIP, and writes to ~/Desktop/工作/<name>.xmind. It does not perform network requests or run external commands — that reduces risk. Still, verify the output path and that overwriting existing files is acceptable.
  • Limit exposure: If you must let the agent fetch docs, provide only the specific documents needed (or a temporary API token scoped to a single document) and avoid giving blanket access to all project repos or to organization-level data.
  • Ask for clarification from the skill author about undeclared requirements: request a clear list of required tools/credentials (e.g., Feishu token, repo access method) and whether the skill will ever transmit fetched documents or code off the host. The current mismatch (instructions that need Feishu + no declared creds) should be resolved before enabling automatic execution.
If you're unsure, run gen_xmind.py yourself on a local, sanitized copy of the requirement document and a limited set of code files rather than giving the skill autonomous access to your systems.

Like a lobster shell, security has layers — review code before you run it.

181 downloads
0 stars
2 versions
Updated 7h ago
v1.1.0
MIT-0

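XMind Test Case Generation Specification

Workflow

  1. Get the requirement document: use feishu_fetch-doc for Feishu links; read local files directly. The full text must be fetched again; do not rely on conversation summaries
  2. Build the module list: list every functional section and confirm nothing is missing
  3. Deep code analysis (mandatory for complex features): read the core code files, paying attention to client-side constants/enums/behaviour modes and the server-side validation chain/error codes
  4. Write the case data: modify the build_cases() function in gen_xmind.py
  5. Run the script: python3 gen_xmind.py
  6. Verify the statistics: smoke share ~20% (15%-25% is acceptable)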

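XMind Hierarchy

Requirement name → Module → Submodule → Test point (P1/P3) → Step (numbered) → Expected result

Priority

Mark   Meaning                    Share
P1     smoke (smoke-test cases)   ~20%
P3     normal (regular cases)     ~80%
  • Use only P1 and P3; do not use P2
  • Every case must be marked with a priority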

Step Numbering Format

Test point (P1/P3)
  ├── "1、Action step"
  │     └── "1、Expected result"   ← child node of the step
  ├── "2、Action step"
  │     └── "2、Expected result"

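Labels (F3)

Tag    Platform
       iOS + Android + Server
ai     iOS + Android
as     Android + Server
f      Frontend (FE/H5)

Notes (F4): Preconditions

Written on the test-point node, not mixed into the steps: note="前置条件:XXX" (that is, "Precondition: XXX")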

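Case Granularity Principles

  • No verification point may be dropped; cases whose execution paths are continuous can be merged
  • Merge enum values of the same kind into one case and verify each value in turn in the steps
  • Different preconditions, or owner/visitor view differences, must be split into separate cases
  • Nodes starting with # are ignored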

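Checklist of Easily Missed Scenarios

  • Cross-page state synchronization
  • Re-triggering after an operation has been undone
  • The flow cannot be bypassed after a validation failure
  • Precondition state variants (playing/paused, logged in/guest)
  • Linked state changes in related features after an operation
  • Exhaustive coverage of every button's behaviour in dialogs/pages
  • Operation rate limits
  • Concurrency/race-condition scenarios
  • Boundary values (0/negative/decimal)
  • Negative list (triggers only when condition X is met → verify it does not trigger when X is not met)
  • Activity time boundaries (special logic at the last moment)
  • Multiple behaviour modes of the same feature (discovered from the code)
  • Full coverage of server-side error codes
  • All related UI areas fully updated after a state change
  • End-to-end request chain tracing (client URL → server handler)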

gen_xmind.py API

See reference.md for details
