Jenkins Executor Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Jenkins automation skill, but it gives an agent direct authority to start, stop, and read CI/CD jobs without enough safety limits.

Install only if you intentionally want an agent to operate Jenkins. Use a dedicated least-privilege Jenkins API token, prefer HTTPS, restrict the account to approved non-production or safe jobs where possible, and require human approval before triggering or stopping builds. Treat returned build logs as sensitive because they may contain secrets or internal operational details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill advertises the ability to trigger builds and forcibly stop running Jenkins jobs, both of which can directly affect production CI/CD workflows, but it provides no warning, confirmation step, or safety guidance. In the Jenkins context, these actions can interrupt deployments, invalidate builds, or cause service disruption if invoked accidentally or by a confused user.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs users to provide Jenkins URL, username, and token and states that HTTP Basic Auth is used, but gives no security guidance on secret handling, transport security, or log redaction. In a network-enabled CI/CD tool, this increases the risk of credential leakage, insecure transmission over HTTP, or accidental exposure of sensitive tokens in prompts, configs, or logs.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This tool exposes a direct build-trigger capability that causes external state changes in Jenkins without any confirmation, policy gate, or allowlist. In an agent setting, a prompt-injected or mistaken tool call could start deployments, expensive CI jobs, or other sensitive pipelines, turning normal automation into unintended operational impact.

Missing User Warnings

High
Confidence
94% confidence
Finding
Stopping a running Jenkins build is an interruptive and potentially destructive action, yet the tool performs it immediately with no confirmation or safety guardrails. In CI/CD environments this can abort releases, invalidate test evidence, interrupt production-change workflows, or leave downstream systems in inconsistent states if triggered accidentally or through prompt manipulation.

Unpinned Dependencies

Low
Category
Supply Chain
Content
openclaw-sdk>=1.0.0
jenkinsapi>=0.3.13
python-dotenv>=1.0.0
Confidence
97% confidence
Finding
openclaw-sdk>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openclaw-sdk>=1.0.0
jenkinsapi>=0.3.13
python-dotenv>=1.0.0
Confidence
98% confidence
Finding
jenkinsapi>=0.3.13

Unpinned Dependencies

Low
Category
Supply Chain
Content
openclaw-sdk>=1.0.0
jenkinsapi>=0.3.13
python-dotenv>=1.0.0
Confidence
99% confidence
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
87% confidence
Finding
python-dotenv

VirusTotal

VirusTotal findings are pending for this skill version.
