ClawHub
Back to skill
v0.1.0

Test Master

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:57 AM.

Analysis

The skill is mostly a coherent testing guide, but one TDD reference gives absolute instructions to delete production code if tests were not written first, which should be reviewed before use.

GuidanceInstall only if you are comfortable with a strict testing assistant. Use it in development or test environments, review generated changes before applying them, and do not allow it to delete or rewrite production code unless you explicitly approve that action.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
SeverityMediumConfidenceHighStatusConcern
references/tdd-iron-laws.md
"NO PRODUCTION CODE WITHOUT A FAILING TEST FIRST." ... "If you wrote production code before writing a failing test, delete it and start over. No exceptions."

This is an absolute instruction that could override a user's actual request and encourage deleting production code without an explicit approval, backup, or containment step.

User impactThe agent could be steered toward removing or rewriting existing code instead of simply adding tests or advising on TDD practices.
RecommendationTreat this TDD guidance as advisory only; require explicit user approval before deleting, reverting, or rewriting production code.
Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
references/integration-testing.md
beforeEach(async () => { await db.query('DELETE FROM users'); });

This destructive database cleanup appears in a test-context example and is purpose-aligned, but it is only safe when run against an isolated test database.

User impactIf copied or executed against the wrong environment, test setup code could delete real records.
RecommendationUse dedicated test databases, synthetic data, and environment checks before running generated integration or cleanup code.