Jenkins

The OpenClaw AgentSkills skill bundle for Jenkins is benign. It provides a legitimate client for interacting with the Jenkins CI/CD server via its REST API, requiring standard Jenkins credentials (URL, username, API token) through environment variables. The `scripts/jenkins.mjs` script correctly uses `encodeURIComponent` for URL paths and fetches CSRF crumbs for parameterized builds, demonstrating good security practices for API interaction. There is no evidence of data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts against the agent in `SKILL.md`.