ClawHub
Back to skill
v0.1.0

Testing Workflow

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:33 AM.

Analysis

This is a coherent testing orchestration skill with no included code, but it may guide the agent to run tests and edit testing or CI files.

GuidanceThis skill appears reasonable for testing work. Before installing or using it, verify any referenced related skills and the GitHub install source, and require review before the agent commits files, changes CI rules, or runs broad test commands.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Run the existing test suite... Write unit tests... Verify CI integration

The skill directs the agent to run local test commands and make repository or CI changes. This matches the testing purpose, but it is still meaningful authority over the project.

User impactThe agent may execute project tests and propose or make changes to test files, documentation, and CI configuration.
RecommendationAsk the agent for a plan and review diffs before allowing commits or CI quality-gate changes.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
Read `ai/skills/testing/testing-patterns/SKILL.md`... Read `ai/skills/testing/e2e-testing/SKILL.md`

The meta-skill depends on other local skill documents that are not part of the provided manifest. That dependency is disclosed and purpose-aligned, but the behavior will depend on those other skills.

User impactThe agent may follow additional testing guidance from related skills that were not included in this review package.
RecommendationReview the referenced testing-patterns, e2e-testing, and related skills before relying on the full workflow.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
README.md
npx add https://github.com/wpank/ai/tree/main/skills/testing/testing-workflow

The README suggests a user-run install command from a GitHub branch rather than a pinned release. This is not automatic, but users should verify the source before running it.

User impactFollowing the README install command could install content from a moving upstream source.
RecommendationPrefer a pinned version or reviewed commit, and only run the install command if you trust the source.