Scan Report
5 /100
skill-tester
OpenClaw Skill Testing Framework - 自动化测试技能质量,验证触发时机、功能正确性、性能指标对比
This is a legitimate OpenClaw skill testing framework that validates trigger patterns, functionality, and performance metrics for other skills. No malicious behavior detected.
Safe to install
The skill is safe to use. Continue standard monitoring practices.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md requires.bins: [python3, bash] |
| Filesystem | READ | READ | ✓ Aligned | test_trigger.py:22 - reads skill SKILL.md files |
| Network | READ | READ | ✓ Aligned | SKILL.md requires.packages: [pytest, requests] |
| Environment | NONE | NONE | — | No access to environment variables detected |
1 findings
Info Email 邮箱地址
[email protected] SKILL.md:6 File Tree
5 files · 25.0 KB · 956 lines Python 3f · 370L
Markdown 1f · 348L
Shell 1f · 238L
├─
▾
scripts
│ ├─
test_comparison.py
Python
│ ├─
test_functionality.py
Python
│ ├─
test_runner.sh
Shell
│ └─
test_trigger.py
Python
└─
SKILL.md
Markdown
Dependencies 2 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
pytest | latest | pip | No | Standard testing dependency, declared in SKILL.md |
requests | latest | pip | No | Used for HTTP API testing, declared in SKILL.md |
Security Positives
✓ All declared capabilities match actual implementation
✓ No credential harvesting or environment variable access
✓ No network exfiltration or suspicious outbound connections
✓ No base64 encoding/decoding or obfuscated code
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ Reports are written to /tmp/skill-tests with randomized filenames
✓ Subprocess usage is limited to testing framework functionality