Code Tester
Result: Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: code-tester
Version: 1.0.0
The skill bundle contains a significant shell injection vulnerability in `scripts/resolve_project.sh` due to the use of `eval echo "$INPUT"` to expand project paths. While the bundle's stated purpose of building and testing Rust, Go, and Java projects is legitimate, this flaw allows for arbitrary command execution if the input is manipulated. The core logic in `scripts/test.sh` and the instructions in `SKILL.md` appear benign, but the insecure handling of path resolution poses a high risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or accidental project path could run commands in the agent's local environment instead of only selecting a project to test.
The resolver evaluates a user-supplied argument with shell eval before validating it as a directory, so a crafted path-like input could execute arbitrary shell commands if this helper is used.
INPUT="$1"
...
EXPANDED=$(eval echo "$INPUT")
Remove eval and use safe path handling, such as explicit $HOME expansion, realpath/readlink validation, strict workspace allowlisting, and quoted arguments.
Testing an untrusted project can run that project's build scripts, tests, plugins, or wrappers, which may modify files or access the local environment.
The skill intentionally runs language build and test tools, including a repository-supplied Gradle wrapper. This is expected for a code-testing skill, but it executes project-controlled code.
cargo test
...
go test ./...
mvn test
./gradlew test
./gradlew build -x test
Use this skill only on trusted or sandboxed projects, and consider timeouts or container isolation for third-party code.
The skill may fail or rely on locally installed build tools that were not declared in the registry requirements.
The metadata does not declare required binaries even though the skill's documented workflow and scripts depend on cargo, go, mvn, or gradlew. This is a disclosure/setup gap rather than hidden installation behavior.
Required binaries (all must exist): none
Required binaries (at least one): none
Declare the relevant optional or required build tools in metadata, or have the skill clearly check and report missing tools before running.
Build or test output that contains sensitive details could remain in local /tmp log files after the run.
The script writes build and test output to fixed temporary log files. Similar tee usage appears across supported project types.
cargo test 2>&1 | tee /tmp/code-tester-tests.log
...
cargo build 2>&1 | tee /tmp/code-tester-build.log
Avoid printing secrets in build/test logs, and consider cleaning these temporary files after reporting results.
