Newman

Security checks across malware telemetry and agentic risk

Overview

This Newman skill is coherent for API testing, but its included test runner can execute unintended shell commands if given crafted inputs.

Review before installing or running. Prefer fixing `scripts/run-tests.sh` so that it no longer uses `eval` and validates reporters, paths, iterations, and timeouts, or run Newman directly with trusted inputs. Use scoped test credentials, avoid production unless explicitly intended, and restrict access to generated reports and CI artifacts.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Context-Inappropriate Capability

High, 98% confidence
Finding
The script builds a shell command string from user-controlled inputs such as collection path, environment path, reporters, output directory, iterations, and timeout, then executes it with `eval`. Even though some fields are wrapped in quotes during string construction, `eval` causes the shell to re-parse the assembled string, so crafted input containing shell metacharacters or quote-breaking payloads can trigger arbitrary command execution on the host running the tests.

Missing User Warnings

Medium, 93% confidence
Finding
The README includes a live-looking secret value in an `export API_KEY=...` example, which can normalize unsafe handling of credentials and lead users to paste real secrets directly into shell commands. Even if the value is illustrative, shell history, terminal logging, screen recordings, and copied documentation can expose real credentials when users follow this pattern.

Vague Triggers

Medium, 83% confidence
Finding
The trigger text is broad enough to activate on generic testing or automation requests, which can cause the agent to invoke this skill in contexts the user did not specifically intend. Over-broad routing increases the chance of running network-capable test tooling, installing packages, or handling sensitive collection/environment files unnecessarily, expanding the attack surface and risk of unintended external requests.

Missing User Warnings

Low, 86% confidence
Finding
The documentation demonstrates decrypting an API key inside a collection and then attaching it directly to the Authorization header, but it does not warn about the risks of exposing long-lived secrets in Postman/Newman environments, scripts, logs, exports, or downstream requests. This can normalize unsafe secret-handling patterns and lead users to store decryption keys and encrypted secrets together in the same execution context, undermining the protection and increasing the chance of credential leakage.

Missing User Warnings

Medium, 91% confidence
Finding
The examples inject secrets into Newman runs and then generate/upload reports and artifacts, but do not warn that request/response data, environment values, console output, or reporter output can inadvertently include sensitive tokens. In CI contexts, this can lead to credential exposure in logs, HTML/XML/JSON artifacts, or third-party reporting actions, especially if test scripts echo variables or APIs reflect secrets.

Missing User Warnings

Medium, 89% confidence
Finding
The documentation includes examples that run smoke/API tests directly against production environments without any caution about side effects on live systems. Even read-heavy or seemingly safe test collections can mutate state, trigger alerts, consume quotas, or impact availability if executed automatically in CI/CD pipelines.

VirusTotal

65/65 vendors flagged this skill as clean.