setup-unit-test Security Report — Trusted | ClawSafe

0 /100

setup-unit-test

One-click initialization of an AI-driven unit testing environment for frontend projects (React/Vue/TypeScript/Next.js)

This is a legitimate unit testing setup skill with no security concerns. All declared capabilities match implementation, and no malicious behavior was detected.

Skill Namesetup-unit-test

Duration31.8s

Enginepi

✓

Safe to install

This skill is safe to use. All shell executions are declared and relevant to the testing setup functionality.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	scripts/detect-framework.mjs:40 reads package.json
Filesystem	`WRITE`	`WRITE`	✓ Aligned	SKILL.md declares vitest.config.ts and .claude/commands/*.md writes
Shell	`WRITE`	`READ`	✓ Aligned	scripts/check-missing-tests.mjs:51 uses execSync for git commands; scripts/detec…
Network	`NONE`	`NONE`	—	No network calls in any script
Environment	`NONE`	`NONE`	—	No environment variable access for credential harvesting

File Tree

5 files · 15.4 KB · 435 lines

Markdown 3f · 238L JavaScript 2f · 197L

├─ ▾ 📁 references

│ ├─ 📝 fix-test-prompt.md Markdown 17L · 706 B

│ └─ 📝 gen-unit-test-prompt.md Markdown 74L · 3.4 KB

├─ ▾ 📁 scripts

│ ├─ 📜 check-missing-tests.mjs JavaScript 106L · 3.4 KB

│ └─ 📜 detect-framework.mjs JavaScript 91L · 2.4 KB

└─ 📝 SKILL.md Markdown 147L · 5.4 KB

Security Positives

✓ All shell executions are declared in SKILL.md (npm/yarn/pnpm, git commands)

✓ No network requests or data exfiltration observed

✓ No credential harvesting or sensitive path access detected

✓ No obfuscation techniques (base64, eval, atob) present

✓ Scripts perform legitimate test checking operations

✓ Documentation accurately describes all functionality

✓ Input validation present for project directory checks

✓ Git repository validation before executing commands

✓ No supply chain risks - uses standard testing libraries (Vitest, Testing Library, MSW)

Scan Report

File Tree

Security Positives