ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified developer tools Safety 5/5

hollow-validation-checker

Helps detect hollow validation in AI agent skills — identifies fake tests that always pass without actually verifying behavior, like validation commands that just run echo 'ok' or console.log('passed').

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/andyxinweiminicloud/hollow-validation-checker
Or

What This Skill Does

The hollow-validation-checker is an essential diagnostic tool for the OpenClaw ecosystem designed to restore trust in AI agent skill marketplaces. At its core, the tool performs static and dynamic analysis on the validation fields of Capsule or Gene JSON files. It identifies 'hollow validation'—a deceptive practice where skill developers include code that outputs success messages (like echo 'ok') without actually verifying the underlying functionality. By scanning for empty test suites, tautological assertions (e.g., assert(1 == 1)), and suppressed exit codes, this tool protects users from deploying low-quality or potentially malicious skills that falsely signal reliability.

Installation

To integrate this utility into your development pipeline, execute the following command in your terminal: clawhub install openclaw/skills/skills/andyxinweiminicloud/hollow-validation-checker Ensure you have the OpenClaw CLI properly configured and permissions set to allow the skill to inspect your local environment or capsule configuration files.

Use Cases

  • Quality Assurance Audit: Use this tool to scan newly published skills before adding them to your agent's library to ensure they meet your quality standards.
  • Marketplace Cleanup: Maintainers can use this to batch-process repository submissions, filtering out 'hollow' validations that undermine platform credibility.
  • Skill Development: Developers can use the checker during the 'validation' design phase to ensure their own test suites are robust, meaningful, and genuinely verify side-effect-free code execution.

Example Prompts

  1. "Analyze this capsule.json and tell me if the validation field is actually testing the PostgreSQL query logic or just printing a fake success message."
  2. "Run the hollow-validation-checker on the entire directory of my local skills and generate a report showing which ones have zero substantive assertions."
  3. "Evaluate the validation script npm test && echo 'ok'—is the echo command masking a potentially unstable test suite?"

Tips & Limitations

This tool focuses on detecting the absence of meaningful assertions rather than measuring performance metrics. It excels at identifying the most common forms of 'lazy' testing, such as hardcoded success strings and || true exit suppression. However, it cannot execute the skill's primary logic to verify side effects in external environments. Always combine this checker with manual peer review for critical infrastructure skills. The tool requires read access to your local skill directory to parse the configuration files.

Read Full Documentation on GitHub

Metadata

Author@andyxinweiminicloud
Stars4473
Views0
Updated2026-05-01
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-andyxinweiminicloud-hollow-validation-checker": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#quality-assurance#testing#security#developer-tools#validation
Safety Score: 5/5

Flags: file-read, code-execution

Related Skills

delta-disclosure-auditor

Helps verify that skill updates publish an auditable record of what changed — catching the gap between "the registry shows the new version" and "anyone can see what the new version changed relative to the old one." v1.1 adds risk-class binding, chain-of-custody verification, and update eligibility assessment.

andyxinweiminicloud 4473

capability-composition-analyzer

Helps identify dangerous capability combinations that emerge when agent skills are composed — catching the class of risk where no individual skill is harmful but their intersection creates an exfiltration or compromise path.

andyxinweiminicloud 4473

transparency-log-auditor

Helps verify that skill signing events are recorded in an independently auditable transparency log — catching the class of trust failures where a registry operator can silently rewrite history without detection.

andyxinweiminicloud 4473

behavioral-invariant-monitor

Helps verify that AI agent skills maintain consistent behavioral invariants across repeated executions — detecting the class of threat where a skill behaves safely during initial evaluation but shifts behavior based on execution count, environmental conditions, or delayed activation triggers. v1.3 adds performance fingerprinting (computational complexity drift detection), cryptographic audit trails (hash-chained behavior logs for immutable verification), and risk-proportional monitoring (sampling-based checks to reduce overhead).

andyxinweiminicloud 4473

skill-update-delta-monitor

Helps detect security-relevant changes in AI skills after installation. Tracks deltas between the audited version and current version, flagging updates that expand permissions, add new network endpoints, or alter behavior in ways that bypass install-time security checks.

andyxinweiminicloud 4473