setup-unit-test 安全扫描报告 — 可信 | ClawSafe

0 /100

setup-unit-test

One-click initialization of an AI-driven unit testing environment for frontend projects (React/Vue/TypeScript/Next.js)

This is a legitimate unit testing setup skill with no security concerns. All declared capabilities match implementation, and no malicious behavior was detected.

技能名称setup-unit-test

分析耗时31.8s

引擎pi

✓

可以安装

This skill is safe to use. All shell executions are declared and relevant to the testing setup functionality.

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	scripts/detect-framework.mjs:40 reads package.json
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md declares vitest.config.ts and .claude/commands/*.md writes
命令执行	`WRITE`	`READ`	✓ 一致	scripts/check-missing-tests.mjs:51 uses execSync for git commands; scripts/detec…
网络访问	`NONE`	`NONE`	—	No network calls in any script
环境变量	`NONE`	`NONE`	—	No environment variable access for credential harvesting

目录结构

5 文件 · 15.4 KB · 435 行

Markdown 3f · 238L JavaScript 2f · 197L

├─ ▾ 📁 references

│ ├─ 📝 fix-test-prompt.md Markdown 17L · 706 B

│ └─ 📝 gen-unit-test-prompt.md Markdown 74L · 3.4 KB

├─ ▾ 📁 scripts

│ ├─ 📜 check-missing-tests.mjs JavaScript 106L · 3.4 KB

│ └─ 📜 detect-framework.mjs JavaScript 91L · 2.4 KB

└─ 📝 SKILL.md Markdown 147L · 5.4 KB

安全亮点

✓ All shell executions are declared in SKILL.md (npm/yarn/pnpm, git commands)

✓ No network requests or data exfiltration observed

✓ No credential harvesting or sensitive path access detected

✓ No obfuscation techniques (base64, eval, atob) present

✓ Scripts perform legitimate test checking operations

✓ Documentation accurately describes all functionality

✓ Input validation present for project directory checks

✓ Git repository validation before executing commands

✓ No supply chain risks - uses standard testing libraries (Vitest, Testing Library, MSW)