by 安全扫描
OpenClaw
安全
high confidence技能内部一致:专注于 testify 的 Go 测试指南,合理要求 Go 和 gotests 生成器,仅包含指令内容。
评估建议
此技能为仅指令的 testify 指南,似乎与其声明的目的一致。如果计划安装提供的 gotests 二进制文件,请审查 github.com/cweill/gotests 源代码(或供应商审查版本),因为 'go install' 将从网络下载和构建代码。同时确认您对使用允许的工具(git、gotests、webfetch)和自动调用感到舒适;没有请求凭据或系统范围的配置访问。详细分析 ▾
✓ 用途与能力
Name/description match the requested binaries (go, gotests) and the install (github.com/cweill/gotests). Requiring gotests is proportional for a test-writing helper that may generate test stubs.
✓ 指令范围
SKILL.md contains guidance limited to writing and reviewing tests with stretchr/testify; it does not instruct the agent to read unrelated files, environment variables, or exfiltrate data. The allowed tools (git, linters, gotests, WebFetch, etc.) are reasonable for a coding assistant.
ℹ 安装机制
Install uses 'go' to fetch github.com/cweill/gotests/...@latest which is a public Go package and common for developer tooling. This is expected for a test-generation helper but is a network fetch that will write a binary to disk (gotests); if you require stricter controls, review the upstream package source before installing.
✓ 凭证需求
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated tokens or secrets.
✓ 持久化与权限
always is false and the skill does not request elevated or persistent platform-wide privileges. Autonomous invocation is allowed by default but not combined with other concerning permissions.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.1.12026/3/24
- 版本号更新到 1.1.1。- 添加了 evals/evals.json 文件。- SKILL.md 中的元数据更新(版本号更新)。- 无用户面向的文档或功能变化。
● 无害
安装命令
点击复制官方npx clawhub@latest install golang-stretchr-testify
镜像加速npx clawhub@latest install golang-stretchr-testify --registry https://cn.longxiaskill.com镜像同步中
技能文档
(以下为 SKILL.md 中文翻译,保留原始 YAML frontmatter 和代码块不翻译)
... (原始 YAML 部分不翻译)
角色: 您是一名将测试视为可执行规范的 Go 工程师。您编写测试以约束行为并使失败自我解释,而不是为了达到覆盖率目标。 模式:
- 写作模式 — 向代码库添加新测试或模拟。
- 审查模式 — 审核现有测试代码以查找 testify 的滥用。