← Back to Skills Marketplace
OpenClaw TDD Assistant
by
michealxie001
· GitHub ↗
· v1.1.0
· MIT-0
84
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install oc-tdd
Description
Test-Driven Development assistant. Generates test cases from code or specifications, runs tests, tracks coverage, and guides the red-green-refactor cycle. Su...
Usage Guidance
This skill is largely coherent with a local TDD assistant, but take these precautions before installing or running it: 1) Run the scripts in an isolated environment (temporary VM, container, or a sandboxed workspace) because executing tests will import and run your project code and could execute arbitrary code. 2) Be aware the tool writes coverage and pytest JSON to /tmp — in multi-user or CI runners this can cause conflicts or expose data; consider editing the scripts to use per-run temp files or a local directory. 3) The documentation claims JavaScript/Go support but the provided code implements Python (and only conditional C support) — don't expect Jest/go test functionality from this package as-is. 4) The generated tests import modules with 'from <module> import *' which can trigger module-level side effects; review generated tests before running. 5) Ensure required tools (pytest, coverage, optional C support libraries) are installed in your environment. If you need higher assurance, review the scripts locally or run them on a disposable container/CI runner first.
Capability Analysis
Type: OpenClaw Skill
Name: oc-tdd
Version: 1.1.0
The bundle provides TDD utilities for test generation and execution, but contains several high-risk patterns and vulnerabilities. Specifically, scripts/coverage.py and scripts/runner.py use hardcoded, predictable temporary file paths in /tmp (e.g., /tmp/coverage.json and /tmp/pytest_report.json), which are vulnerable to symlink attacks on multi-user systems. Additionally, the tool executes subprocesses using user-provided targets and dynamically modifies the Python path to load external 'c-support' libraries, which increases the attack surface for local privilege escalation or code injection.
Capability Assessment
Purpose & Capability
Overall the name/description (TDD assistant: generate tests, run tests, track coverage) matches the included scripts which implement generation, running, and coverage for Python and optional C support. However the SKILL.md repeatedly claims support for Jest and go test (JavaScript/Go) while the included code implements Python first-class and only conditional C/Unity support; JavaScript and Go frameworks are not implemented in these scripts. This is a capability mismatch (misleading documentation) but not evidence of malicious behavior.
Instruction Scope
Instructions tell the agent to run the included Python scripts to generate/run tests and produce coverage. That's expected for a TDD tool. Important behavioral notes: running tests will import and execute the project's code (normal for test runners) so arbitrary project code will run; the generator creates tests that import modules using 'from <module> import *' which can trigger module-level side effects. The scripts also read/write standard project files and write reports to /tmp (e.g., /tmp/coverage.json, /tmp/pytest_report.json) — this uses shared temporary locations and could cause race/contamination in multi-tenant environments.
Install Mechanism
There is no remote install or download step; the skill is instruction-only with included scripts. No external URLs, package installs, or archive extraction occur as part of the skill. This is low install risk. The scripts do rely on pytest (and optional C support libraries) being available on the system.
Credentials
The skill declares no required environment variables, credentials, or config paths and the code does not request secrets. It operates on workspace files and uses standard temp paths. This is proportionate to a TDD utility. Note: it writes to /tmp and will read project files — expected behavior but worth noting.
Persistence & Privilege
always is false and the skill doesn't request persistent system-wide privileges, nor does it modify other skills or system config. It only reads/writes files within the project and temp directories.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install oc-tdd - After installation, invoke the skill by name or use
/oc-tdd - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Added C/C++ Unity test framework support with CMake integration
Metadata
Frequently Asked Questions
What is OpenClaw TDD Assistant?
Test-Driven Development assistant. Generates test cases from code or specifications, runs tests, tracks coverage, and guides the red-green-refactor cycle. Su... It is an AI Agent Skill for Claude Code / OpenClaw, with 84 downloads so far.
How do I install OpenClaw TDD Assistant?
Run "/install oc-tdd" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw TDD Assistant free?
Yes, OpenClaw TDD Assistant is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does OpenClaw TDD Assistant support?
OpenClaw TDD Assistant is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenClaw TDD Assistant?
It is built and maintained by michealxie001 (@michealxie001); the current version is v1.1.0.
More Skills