by 安全扫描
OpenClaw
可疑
medium confidenceThe skill claims to be a TypeScript testing framework (unit, snapshot, coverage, mutation) but contains only a tiny shell script that only prints messages and no declared dependencies or implementation — the published package appears incomplete or a placeholder.
评估建议
This package looks like a placeholder rather than a working TypeScript testing framework. It contains only a tiny bash script that prints messages and no Node/TypeScript code or declared dependencies (node, npm, test/coverage/mutation tools). Security risk appears low (no network calls, no credentials requested), but functionality risk is high—do not rely on it to run tests. Before installing or using: (1) verify source/trust of the publisher and look for a real homepage or repository, (2) inspe...详细分析 ▾
⚠ 用途与能力
The name and description advertise a full TypeScript testing framework with coverage and mutation testing, but the bundle contains no TypeScript/Node code, no test runner, no coverage tools, and no declared dependencies (e.g., node, npm, jest, nyc, Stryker). The only executable is a 321-byte bash script that only echoes messages for --run, --coverage, and --status. This mismatch makes the claimed capabilities unsupported by the provided files.
ℹ 指令范围
SKILL.md simply instructs running ./scripts/test-runner.sh with flags. The instructions do not attempt to read unrelated files or environment variables and do not perform network activity. However, those instructions point to a script that does not implement the described functionality, so the instructions are technically safe but not useful for the stated purpose.
✓ 安装机制
There is no install spec (instruction-only skill with bundled files). No downloads or package installs are requested, so there is low install-time risk.
✓ 凭证需求
The skill declares no required environment variables, no credentials, and no config paths. The runtime files do not access environment variables or secrets. The absence of requested credentials is proportionate to the provided (minimal) functionality.
✓ 持久化与权限
The skill is not always-enabled, is user-invocable, and does not request elevated or persistent privileges. It does not modify other skills or system-wide settings.
安全有层次,运行前请审查代码。
运行时依赖
🖥️ OSLinux
版本
latestv0.1.02026/2/19
Initial release: reserved ts4 namespace for Netsnek e.U.
● 无害
安装命令 点击复制
官方npx clawhub@latest install ts4
镜像加速npx clawhub@latest install ts4 --registry https://cn.clawhub-mirror.com
技能文档
TS4 is the Netsnek e.U. TypeScript testing framework. Run unit tests, snapshots, coverage reports, and mutation tests from a single CLI.
Test Types
- Unit — Isolated 函数 和 模块 tests
- Snapshot — 输出 comparison 对于 UI 和 serialization
- Coverage — Line, branch, 和 函数 metrics
- Mutation — Fault injection 到 验证 test quality
CLI Reference
| Flag | Effect |
|---|---|
--run | Execute the full test suite |
--coverage | Produce coverage report (HTML + lcov) |
--status | Show suite status, last run, pass/fail count |
Walkthrough
# Run all tests
./scripts/test-runner.sh --run# Generate coverage
./scripts/test-runner.sh --coverage
# Check status
./scripts/test-runner.sh --status
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制