ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Testcase Generator Pro

v1.0.0

AI-powered test case generator with three-persona review loop. Supports PDF, Word, TXT, images, video. Exports Excel, Markdown, XMind.

0· 57·0 current·0 all-time
by@xuxuclassmate
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (test-case generation, multi-persona review) align with requested artifacts: ANTHROPIC_API_KEY and Node/npm are reasonable for a JS-based, Anthropic-backed tool. README and package.json show the project is a Node app; requiring node/npm is expected if user runs locally or installs the npm package.
Instruction Scope
SKILL.md describes processing uploaded documents, images, and video and running a review loop; it does not instruct reading unrelated system files or exfiltrating secrets. Inputs are user-supplied (file_path, text) and outputs are local/export files — consistent with stated purpose.
Install Mechanism
No install spec (instruction-only) is present, which is low-risk. The included README/package.json describe Docker/npm install paths for optional standalone use; there are no download-from-untrusted-URL install steps in the skill bundle itself.
Credentials
Only ANTHROPIC_API_KEY is declared as required (primary credential). README mentions optional provider keys (OpenAI, DeepSeek) for alternate modes, which is reasonable; the skill does not request unrelated system credentials or many extraneous secrets.
Persistence & Privilege
always is false and the skill does not request system-wide changes. The plugin metadata allows configuring model API keys (expected for multi-model support) but the skill does not demand permanent elevated privileges.
Assessment
This skill appears internally consistent, but review these practical points before installing: (1) It will send your uploaded requirements to an LLM provider — do not upload sensitive PII or secrets unless you accept that those inputs may be processed by Anthropic (or other configured providers). (2) If you run the provided Docker/npm modes, supply a least-privilege API key (rotate/revoke if needed) and inspect the GitHub repo (SECURITY.md, release artifacts) before running third-party containers. (3) The plugin config supports adding other model API keys and custom base URLs — only add keys for services you trust. (4) If you need stronger assurance, request the project’s runtime source (dist or src) to audit network calls and storage behavior; absence of code in this bundle means the runtime behavior depends on external package distribution.

Like a lobster shell, security has layers — review code before you run it.

latestvk9765q888k72xdv2bbsp97c7e1844qtz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧪 Clawdis
Binsnode, npm
EnvANTHROPIC_API_KEY
Primary envANTHROPIC_API_KEY

Comments