RTFM Testing
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the provided docs include commands or actions that change files, services, or accounts, the spawned tester could attempt those steps as part of the test.
The skill explicitly instructs use of a tool that creates another agent to attempt the documentation task. This is core to the skill, but users should understand that the spawned tester may follow documented task steps.
Spawn a fresh tester — Use the TESTER.md prompt with `sessions_spawn`
Use this skill in a safe test environment and require human review before testing documentation that includes destructive, public, or account-mutating actions.
Any private documentation, internal procedures, or secrets included in the pasted docs would be shared with the spawned tester session.
The workflow passes the user's documentation into a spawned agent session. This is disclosed and purpose-aligned, but it is still an inter-agent data flow.
task: "Complete the following task using ONLY the provided documentation. [TASK DESCRIPTION]\n\n---\n\n[PASTE DOCS HERE]"
Only paste documentation that is appropriate to share with the spawned agent, and remove credentials, tokens, or other sensitive material before testing.