Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Newman

v1.0.0

Automated API testing with Postman collections via Newman CLI. Use when user requests API testing, collection execution, automated testing, CI/CD integration, or mentions "Postman", "Newman", "API tests", "run collection", or "automated testing".

by azzar budiyanto @1999azzar

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for 1999azzar/newman.

Install the skill "Newman" (1999azzar/newman) from ClawHub.
Skill page: https://clawhub.ai/1999azzar/newman
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install 1999azzar/newman

ClawHub CLI

npx clawhub@latest install newman

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (high confidence)

Purpose & Capability

Name/description (Newman CLI runner) align with the provided SKILL.md, README, and scripts. The package contains installation, test-runner, and security-audit scripts that are exactly what an automated Postman/Newman skill would need.

Instruction Scope

Runtime instructions focus on running Newman, exporting collections/environments, CI integration, and security scanning. Advanced examples include optional reporters (e.g., Slack webhook) and custom reporters that POST run summaries to external endpoints — this is expected for reporters but is an area where users must configure trusted endpoints to avoid leaking test data.

Install Mechanism

There is no automated binary download in the skill itself; installation relies on npm (npm install -g newman etc.), standard for Newman. No obscure or shortener URLs or extracted archives from unknown hosts are used in the included scripts or docs.

Credentials

Registry metadata declares no required env vars (none required by platform), but scripts and docs reference common test secrets (API_KEY, DB_PASSWORD, ENCRYPTION_KEY) and optional reporter/webhook env variables. This is reasonable — they are optional and typical for API testing — but the skill will read/expect these environment variables if present and will warn about missing values.

Persistence & Privilege

Skill does not request always: true and does not modify other skills. It is instruction-focused with scripts that run locally; nothing in the package asks for permanent platform-wide privileges.

Assessment

This skill appears to be a straightforward Newman (Postman CLI) runner with sensible helpers and a security-audit script. Before installing or running it:

  1. Verify the skill source — README references a GitHub repo/maintainer but the registry 'Source' and homepage are unknown; prefer installing from a trusted repo or your own vetted copy.
  2. Do not commit collections or environment files that contain secrets; the included audit script helps detect hardcoded secrets but is not foolproof.
  3. Be cautious when configuring reporters that send results externally (Slack/webhooks) — those endpoints may receive sensitive request/response data.
  4. The install step runs npm install -g newman (remote package execution) — if you require stricter control, audit the npm packages or install pinned versions from an approved mirror.
  5. If you plan to use encryption scripts (ENCRYPTION_KEY) or CI examples, store credentials in your platform's secrets store and ensure keys/webhooks are trusted.

Overall: coherent and appropriate for the stated purpose, but practice standard secret- and source-verification hygiene.

Latest: vk97ajrmmcssw34ja1k351fwrh5810qx3 · 775 downloads · 0 stars · 1 version · Updated 6h ago · v1.0.0 · MIT-0

Newman - Postman CLI Runner

Newman is the command-line Collection Runner for Postman. Run and test Postman collections directly from the command line with powerful reporting, environment management, and CI/CD integration.

Quick Start

Installation

# Global install (recommended)
npm install -g newman

# Project-specific
npm install --save-dev newman

# Verify
newman --version

Basic Execution

# Run collection
newman run collection.json

# With environment
newman run collection.json -e environment.json

# With globals
newman run collection.json -g globals.json

# Combined
newman run collection.json -e env.json -g globals.json -d data.csv

Core Workflows

1. Export from Postman Desktop

In Postman:

  1. Collections → Click "..." → Export
  2. Choose "Collection v2.1" (recommended)
  3. Save as collection.json

Environment:

  1. Environments → Click "..." → Export
  2. Save as environment.json

2. Run Tests

# Basic run
newman run collection.json

# With detailed output
newman run collection.json --verbose

# Stop the run at the first failure
newman run collection.json --bail

# Custom timeout (30s)
newman run collection.json --timeout-request 30000

3. Data-Driven Testing

CSV format:

username,password
user1,pass1
user2,pass2

Run:

newman run collection.json -d test_data.csv --iteration-count 2

4. Reporters

# CLI only (default)
newman run collection.json

# HTML report
newman run collection.json --reporters cli,html --reporter-html-export report.html

# JSON export
newman run collection.json --reporters cli,json --reporter-json-export results.json

# JUnit (for CI)
newman run collection.json --reporters cli,junit --reporter-junit-export junit.xml

# Multiple reporters
newman run collection.json --reporters cli,html,json,junit \
  --reporter-html-export ./reports/newman.html \
  --reporter-json-export ./reports/newman.json \
  --reporter-junit-export ./reports/newman.xml
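
Reports written by these reporters can carry request headers, response bodies and environment values, so a JSON export that is archived or posted to a webhook deserves a redaction pass first. The following is an added example, not code from the skill or from Newman; the field layout it walks (environment.values, run.executions[].request and .response) and the name patterns are assumptions modelled on the JSON reporter's export, and the sample report is constructed.

```javascript
// Added example, not the skill's or Newman's code; layout and patterns are assumptions.
const SENSITIVE_HEADER = /^(authorization|proxy-authorization|cookie|set-cookie|x-api-key)$/i;
const SENSITIVE_KEY = /(api[-_]?key|token|secret|passw(or)?d)/i;
const MASK = '[REDACTED]';

// Replace the value of every {key, value} entry whose key matches `re`.
function maskList(list, re) {
  return (Array.isArray(list) ? list : []).map((e) =>
    (e && re.test(String(e.key)) ? { ...e, value: MASK } : e));
}

// Redact one request or response object from run.executions[].
function redactMessage(msg) {
  if (!msg || typeof msg !== 'object') return msg;
  const copy = { ...msg, header: maskList(msg.header, SENSITIVE_HEADER) };
  if (copy.url && typeof copy.url === 'object') {
    copy.url = { ...copy.url, query: maskList(copy.url.query, SENSITIVE_KEY) };
  }
  delete copy.body;   // request payloads may carry credentials
  delete copy.stream; // raw response bytes
  delete copy.cookie; // parsed response cookies
  return copy;
}

// Returns a redacted deep copy; the input report is left untouched.
function redactReport(report) {
  const out = JSON.parse(JSON.stringify(report));
  for (const scope of ['environment', 'globals']) {
    if (out[scope]) out[scope].values = maskList(out[scope].values, SENSITIVE_KEY);
  }
  delete out.collection; // embedded copy of the collection, not needed for results
  if (out.run && Array.isArray(out.run.executions)) {
    out.run.executions = out.run.executions.map((ex) => ({
      ...ex, request: redactMessage(ex.request), response: redactMessage(ex.response),
    }));
  }
  return out;
}

// Constructed sample report.
const sample = {
  environment: { values: [{ key: 'BASE_URL', value: 'https://api.example.com' },
    { key: 'API_KEY', value: 'k-live-1' }] },
  run: { stats: { assertions: { total: 1, failed: 0 } }, executions: [{
    request: { method: 'GET', header: [{ key: 'Authorization', value: 'Bearer k-live-1' }] },
    response: { code: 200, header: [{ key: 'Set-Cookie', value: 'sid=abc' }],
      stream: { type: 'Buffer', data: [123, 125] } } }] },
};
console.log(JSON.stringify(redactReport(sample), null, 2));
```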

5. Security Best Practices

❌ NEVER hardcode secrets in collections!

Use environment variables:

# Export sensitive vars
export API_KEY="your-secret-key"
export DB_PASSWORD="your-db-pass"

# Newman auto-loads from env
newman run collection.json -e environment.json

# Or pass the exported values explicitly
newman run collection.json --env-var "API_KEY=$API_KEY" --env-var "DB_PASSWORD=$DB_PASSWORD"

In Postman collection tests:

// Use {{API_KEY}} in requests
pm.request.headers.add({key: 'Authorization', value: `Bearer {{API_KEY}}`});

// Access in scripts
const apiKey = pm.environment.get("API_KEY");

Environment file (environment.json):

{
  "name": "Production",
  "values": [
    {"key": "BASE_URL", "value": "https://api.example.com", "enabled": true},
    {"key": "API_KEY", "value": "{{$processEnvironment.API_KEY}}", "enabled": true}
  ]
}

Newman will replace {{$processEnvironment.API_KEY}} with the environment variable.
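
A check for the "never hardcode secrets" rule that can run before a collection or environment export is committed. This is an added example, not the skill's own audit script; the key-name patterns, function names and sample data are assumptions, and it covers only Collection v2.1 headers, query parameters, auth blocks, collection variables and environment values.

```javascript
// Added example, not the skill's own audit script; name patterns are assumptions.
const SECRET_NAME = /(api[-_]?key|token|secret|passw(or)?d|authorization)/i;
const AUTH_PARAM = /^(token|password|value|accessToken|clientSecret|secretKey)$/i;
// Safe values: empty, or a lone {{variable}} with an optional Bearer/Basic prefix.
const PLACEHOLDER = /^\s*((Bearer|Basic)\s+)?\{\{[^{}]+\}\}\s*$/i;

// Report every {key, value} pair with a sensitive key and a literal value.
function findPairs(pairs, nameRe, where) {
  return (Array.isArray(pairs) ? pairs : [])
    .filter((p) => p && typeof p.value === 'string' && p.value.trim() !== '' &&
      nameRe.test(String(p.key)) && !PLACEHOLDER.test(p.value))
    .map((p) => `${where}: ${p.key}`);
}

// v2.1 auth blocks look like { type: 'bearer', bearer: [{ key, value }] }.
function findAuth(auth, where) {
  return auth ? findPairs(auth[auth.type], AUTH_PARAM, `${where} auth(${auth.type})`) : [];
}

// Walk folders (nested item arrays) and the requests inside them.
function scanItems(items, path) {
  return (Array.isArray(items) ? items : []).flatMap((it) => {
    const here = `${path}/${it.name}`;
    const req = it.request && typeof it.request === 'object' ? it.request : {};
    return [
      ...scanItems(it.item, here),
      ...findPairs(req.header, SECRET_NAME, `${here} header`),
      ...findPairs(req.url && req.url.query, SECRET_NAME, `${here} query`),
      ...findAuth(req.auth, here),
    ];
  });
}

function scanCollection(col) {
  return [
    ...findPairs(col.variable, SECRET_NAME, 'collection variable'),
    ...findAuth(col.auth, 'collection'),
    ...scanItems(col.item, ''),
  ];
}
const scanEnvironment = (env) => findPairs(env.values, SECRET_NAME, `environment ${env.name}`);

// Constructed sample input.
const sampleCollection = { item: [{ name: 'Users', item: [
  { name: 'List', request: { header: [{ key: 'Authorization', value: 'Bearer {{API_KEY}}' }] } },
  { name: 'Create', request: { url: { query: [{ key: 'api_key', value: 'k-live-1' }] },
    auth: { type: 'bearer', bearer: [{ key: 'token', value: 'abc123' }] } } }] }] };
const sampleEnv = { name: 'Staging', values: [{ key: 'DB_PASSWORD', value: 'hunter2' }] };
console.log([...scanCollection(sampleCollection), ...scanEnvironment(sampleEnv)]);
```

Wired into a pre-commit hook or CI step, a non-empty result should fail the job; the names are reported but never the values, so the findings are safe to log.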

Common Use Cases

CI/CD Integration

See references/ci-cd-examples.md for GitHub Actions, GitLab CI, and Jenkins examples.

Automated Regression Testing

#!/bin/bash
# scripts/run-api-tests.sh

set -e

echo "Running API tests..."

newman run collections/api-tests.json \
  -e environments/staging.json \
  --reporters cli,html,junit \
  --reporter-html-export ./test-results/newman.html \
  --reporter-junit-export ./test-results/newman.xml \
  --bail \
  --color on

echo "Tests completed. Report: ./test-results/newman.html"

Load Testing

# Run with high iteration count
newman run collection.json \
  -n 100 \
  --delay-request 100 \
  --timeout-request 5000 \
  --reporters cli,json \
  --reporter-json-export load-test-results.json

Parallel Execution

# Install parallel runner
npm install -g newman-parallel

# Run collections in parallel
newman-parallel -c collection1.json,collection2.json,collection3.json \
  -e environment.json \
  --reporters cli,html

Advanced Features

Custom Scripts

Pre-request Script (in Postman):

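// Generate dynamic values
pm.environment.set("timestamp", Date.now());
// Math.random() is not cryptographically secure: fine as a uniqueness value, not as a security nonce
pm.environment.set("nonce", Math.random().toString(36).substring(7));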

Test Script (in Postman):

// Status code check
pm.test("Status is 200", function() {
    pm.response.to.have.status(200);
});

// Response body validation
pm.test("Response has user ID", function() {
    const jsonData = pm.response.json();
    pm.expect(jsonData).to.have.property('user_id');
});

// Response time check
pm.test("Response time < 500ms", function() {
    pm.expect(pm.response.responseTime).to.be.below(500);
});

// Set variable from response
pm.environment.set("user_token", pm.response.json().token);

SSL/TLS Configuration

# Disable SSL verification (dev only!)
newman run collection.json --insecure

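# Custom CA certificate (PEM file of additional trusted CAs)
newman run collection.json --ssl-extra-ca-certs ca.pem

# Per-host client certificate list (JSON config file)
newman run collection.json --ssl-client-cert-list cert-list.json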

# Client certificates
newman run collection.json \
  --ssl-client-cert client.pem \
  --ssl-client-key key.pem \
  --ssl-client-passphrase "secret"

Error Handling

# Exit with code 0 even when tests fail
newman run collection.json --suppress-exit-code

# Fail fast
newman run collection.json --bail

Custom error handling in a wrapper script:

#!/bin/bash
newman run collection.json -e env.json
EXIT_CODE=$?

if [ "$EXIT_CODE" -ne 0 ]; then
    echo "Tests failed! Exit code: $EXIT_CODE"
    # Send alert, rollback deployment, etc.
    exit 1
fi

Troubleshooting

Collection not found:

  • Use absolute paths: newman run /full/path/to/collection.json
  • Check file permissions: ls -la collection.json

Environment variables not loading:

  • Verify syntax: {{$processEnvironment.VAR_NAME}}
  • Check export: echo $VAR_NAME
  • Use --env-var flag as fallback

Timeout errors:

  • Increase timeout: --timeout-request 60000 (60s)
  • Check network connectivity
  • Verify API endpoint is reachable

SSL errors:

  • Development: Use --insecure temporarily
  • Production: Add CA cert with --ssl-extra-ca-certs

Memory issues (large collections):

  • Reduce iteration count
  • Split collection into smaller parts
  • Increase Node heap: NODE_OPTIONS=--max-old-space-size=4096 newman run ...

Best Practices

  1. Version Control: Store collections and environments in Git
  2. Environment Separation: Separate files for dev/staging/prod
  3. Secret Management: Use environment variables, never commit secrets
  4. Meaningful Names: Use descriptive collection and folder names
  5. Test Atomicity: Each request should test one specific thing
  6. Assertions: Add comprehensive test scripts to every request
  7. Documentation: Use Postman descriptions for context
  8. CI Integration: Run Newman in CI pipeline for every PR
  9. Reports: Archive HTML reports for historical analysis
  10. Timeouts: Set reasonable timeout values for production APIs
