Use when writing tests, creating test strategies, or building automation frameworks. Invoke for unit tests, integration tests, E2E, coverage analysis, performance testing, security testing.
Security Analysis
high confidenceThe skill is an instruction-only testing specialist with documentation and code snippets; its requested footprint (no installs, no env vars, no binaries) matches its stated purpose and I found no signs of incoherent or malicious behavior.
Name/description (test strategy, automation, perf, security testing) align with the content: guidance, patterns, and sample test code. The skill requests no binaries, credentials, or installs — appropriate for a documentation-only testing assistant.
SKILL.md and the reference files contain recipes, sample test code and templates only. There are sample network calls (e.g., to localhost endpoints, /api/test/seed) and example test credentials/card numbers used as examples — these are typical for test code and the skill explicitly forbids using production data. The instructions do not direct the agent to read unrelated local files, exfiltrate secrets, or contact unknown remote endpoints.
No install spec is provided (instruction-only). No archives or remote downloads are requested, so nothing is written to disk or executed automatically — lowest-risk pattern for a skill.
The skill declares no required environment variables, credentials, or config paths. All example code uses test/local endpoints and sample data; no unrelated secrets or broad credential access is requested.
Flags: always=false and model invocation allowed (default). The skill does not request persistent presence or modify other skills or system settings. Autonomous invocation is standard and not problematic here given the low privilege footprint.
Guidance
This skill is documentation and examples for testing — it appears internally consistent and contains no installs or credential requests. Before installing or allowing the agent to run tests autonomously: (1) avoid running example tests against production systems or real user data, (2) do not provide real credentials or API keys to the agent, and (3) if you plan to have an agent execute tests, restrict which endpoints and environments (test/stage) it may contact and audit any CI/CD integration it will use. No scanner findings were present because this is instruction-only content.
Latest Release
v0.1.0
Initial release of test-master skill. - Provides comprehensive guidance on unit, integration, E2E, performance, and security testing. - Includes reference guides for test methodologies, automation frameworks, and quality metrics. - Outlines core workflows for defining scope, strategizing, test implementation, execution, and reporting. - Specifies mandatory testing practices and common constraints. - Supports test planning with structured output templates and severity-based findings. - Lists related testing skills and contextual knowledge sources.
More by @Veeramanikandanr48
Published by @Veeramanikandanr48 on ClawHub
