ClawHub
Back to skill
v1.0.0

Workflow Patterns

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:32 AM.

Analysis

This instruction-only skill is coherently focused on TDD workflows, testing, and git commits, with no evidence of hidden code, credential use, or data exfiltration.

GuidanceThis skill appears safe for its stated purpose, but it is meant to let an agent make project changes and commits. Install from a trusted source, run it only in repositories where that workflow is desired, and review generated code, tests, and commits before publishing or deploying.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
pytest --cov=module --cov-report=term-missing ... git commit -m "feat(user): implement email validation

The skill instructs the agent to run project test/coverage commands and create git commits. This is expected for a TDD workflow, but it affects the local repository.

User impactIf invoked in a project, the agent may modify code, update plans, run tests, and create commits.
RecommendationUse it in repositories where automated implementation is intended, keep a clean working tree, and review diffs and commits before pushing or sharing changes.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
README.md
npx add https://github.com/wpank/ai/tree/main/skills/meta/workflow-patterns

The README documents a user-directed install command from a GitHub tree URL rather than a pinned release. It is not automatic behavior, but it is a provenance consideration.

User impactInstalling from an unpinned remote location can depend on whatever content is present there at install time.
RecommendationPrefer the trusted registry install path or a pinned, reviewed source reference when installing.