Singleshot Prompt Testing
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: singleshot-prompt-testing Version: 0.1.0 The skill bundle provides instructions for installing and using the `singleshot` CLI tool for prompt testing and optimization. All commands and documentation across `SKILL.md`, `README.md`, `QUICKSTART.md`, and `metadata.json` are consistent with this stated purpose. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the OpenClaw agent. The use of API keys is for the tool's functionality, and file/network access is necessary for generating and analyzing prompt reports.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI adds third-party executable code to the user's environment.
The skill depends on installing an external CLI package that is not included in the skill artifacts. This is central to the stated purpose, but users should trust and verify the Homebrew tap or Cargo crate before installing.
brew tap vincentzhangz/singleshot brew install singleshot ... Or: `cargo install singleshot`
Install only from the documented repository/crate/tap after verifying the source, and keep it updated through trusted package channels.
Provider keys could be used to spend API credits or access provider accounts if mishandled.
The skill documents provider API keys for OpenAI, Anthropic, and OpenRouter. These credentials are expected for model benchmarking, but they grant account access and may incur usage costs.
export OPENAI_API_KEY="sk-..." export ANTHROPIC_API_KEY="sk-ant-..." export OPENROUTER_API_KEY="sk-or-..."
Use scoped keys where possible, set spending limits, avoid sharing keys in prompts or reports, and revoke keys if they may have been exposed.
Prompt text, files used as prompt configs, or MCP-assisted context may be shared with the selected provider or local MCP service.
The skill is designed to send prompts to external providers and also documents an optional MCP connection. This is disclosed and purpose-aligned, but users should understand where prompt content and tool interactions may go.
Multi-Provider Support: OpenAI, Anthropic, Ollama, OpenRouter ... singleshot chat -p "Search docs" -P openai --mcp http://localhost:8080 -d
Do not test sensitive prompts against providers or MCP servers you do not trust; review config files before batch testing and use local models when privacy is important.