Skill v1.0.0
ClawScan security
jenkins-fix · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 11, 2026, 10:37 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly behaves like a Jenkins helper, but there are multiple inconsistencies (hardcoded internal Jenkins host/username, missing declared required env vars, and an odd absolute script path) that warrant caution before installing or supplying credentials.
- Guidance: This skill appears to implement Jenkins operations, but there are red flags you should consider before use:
  - Do not supply Jenkins credentials (API token/password) unless you trust the skill source. The code and docs reference an internal host (http://jks.huimei-inc.com) and a default username — this suggests the skill was built for a specific organization. If you are not part of that organization, do not point your credentials at that host.
  - The registry metadata omitted declaring required environment variables, but the SKILL.md and scripts clearly expect JENKINS_URL, JENKINS_USERNAME and a token/password. That mismatch is sloppy and increases risk; ask the publisher why metadata differs from the runtime requirements.
  - The dingtalk helper references an absolute path to the handler ("/opt/homebrew/lib/node_modules/openclaw/skills/jenkins/scripts/jenkins_handler.py"), which looks misconfigured and may indicate the package was copied from another environment. Expect runtime errors or unexpected behavior; inspect and, if necessary, fix script paths before running.
  - If you decide to try it, run the scripts in an isolated environment (throwaway VM or container) and avoid putting long-lived credentials into global shell profiles. Prefer creating a dedicated minimal-permission API token for testing, and revoke it after evaluation.
  If you need to proceed in production, ask the publisher for provenance (source repository, maintainer identity), request corrected registry metadata, and consider auditing the full script contents and endpoints it contacts (Jenkins URL and any discovered OSS links) before supplying real credentials.
Review Dimensions
- Purpose & Capability (concern): The declared purpose (Jenkins: list jobs, trigger builds, show results) matches the included code. However, the SKILL.md and code include a hardcoded internal Jenkins URL (http://jks.huimei-inc.com) and default username ('jiaofu'), which ties the skill to a specific organization. Registry metadata declared no required environment variables, yet the instructions and code require JENKINS_URL, JENKINS_USERNAME and either JENKINS_API_TOKEN or JENKINS_PASSWORD. That mismatch is unexpected and disproportionate to a generic Jenkins helper.
- Instruction Scope (note): The SKILL.md instructs the user to set environment variables (JENKINS_URL, JENKINS_USERNAME, JENKINS_API_TOKEN/PASSWORD) and to source shell config files — these are reasonable for a Jenkins integration. The instructions explicitly point users to the internal host (jks.huimei-inc.com) and provide steps to obtain tokens from that host; this is appropriate only if you intend to operate against that specific Jenkins. The skill's instructions do not attempt to read unrelated system files, but they do encourage storing credentials in environment variables or shell profiles (which is sensitive and should be done carefully).
- Install Mechanism (ok): There is no install spec (instruction-only), so nothing is downloaded or written by an installer step. The repository includes two Python scripts which will be executed at runtime; the absence of an install step is low-risk in terms of automatic downloads, but the included scripts will run in the agent environment when invoked.
- Credentials (concern): Requesting Jenkins credentials (username + API token or password) is appropriate for a Jenkins skill. However, the registry metadata lists no required env vars while SKILL.md and the code require/expect JENKINS_URL, JENKINS_USERNAME and token/password — this metadata omission is inconsistent. Additionally, the code ships with defaults pointing to an internal host and username; providing real credentials to an untrusted skill that references a company-specific host is potentially risky.
- Persistence & Privilege (ok): The skill does not request always:true and does not claim to modify other skills or system-wide settings. It runs as a normal, user-invokable skill and does not request elevated persistence.
