Workflow Patterns
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherently focused on TDD workflows, testing, and git commits, with no evidence of hidden code, credential use, or data exfiltration.
This skill appears safe for its stated purpose, but it is meant to let an agent make project changes and commits. Install from a trusted source, run it only in repositories where that workflow is desired, and review generated code, tests, and commits before publishing or deploying.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked in a project, the agent may modify code, update plans, run tests, and create commits.
The skill instructs the agent to run project test/coverage commands and create git commits. This is expected for a TDD workflow, but it affects the local repository.
pytest --cov=module --cov-report=term-missing ... git commit -m "feat(user): implement email validation
Use it in repositories where automated implementation is intended, keep a clean working tree, and review diffs and commits before pushing or sharing changes.
Installing from an unpinned remote location can depend on whatever content is present there at install time.
The README documents a user-directed install command from a GitHub tree URL rather than a pinned release. It is not automatic behavior, but it is a provenance consideration.
npx add https://github.com/wpank/ai/tree/main/skills/meta/workflow-patterns
Prefer the trusted registry install path or a pinned, reviewed source reference when installing.