TestDino Playwright Reporting
v1.0.0Connect OpenClaw to TestDino for real-time Playwright CI intelligence. Ask about test failures, flaky tests, run history, and CI health in plain English.
⭐ 0· 66·0 current·0 all-time
byTestDino Devs@testdino-inc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The name and description match the declared requirements: mcporter and testdino-mcp CLIs plus TESTDINO_PAT are exactly what a TestDino integration needs. Minor note: the README and install-check.sh require Node.js/npx and curl, but Node.js/npx are not listed in the registry 'required binaries' metadata — this is an omission but not a sign of malicious intent.
Instruction Scope
SKILL.md confines runtime actions to executing mcporter calls to TestDino and setting up OpenClaw gateway crons. It asks the agent to run only the specific testdino commands and to obtain projectId via health first. It does instruct storing the PAT in OpenClaw config files and creating cron jobs that autonomously call those commands (expected for a monitoring integration). There are no instructions to read unrelated system files or exfiltrate arbitrary data.
Install Mechanism
This is an instruction-only skill (no packaged install). The recommended install path uses npm to install mcporter and testdino-mcp from the public npm registry, and the script uses curl/npx/npm to validate reachability — all standard. No downloads from untrusted URLs or archive extraction are present. The metadata lacks an explicit Node.js requirement despite the README/script relying on it.
Credentials
Only TESTDINO_PAT is required and declared as the primary credential, which is proportional to the skill. However, the instructions ask you to place the PAT into persistent config (~/.openclaw/openclaw.json and ~/.mcporter/mcporter.json), which stores a long-lived secret on disk and grants the agent the ability to call external APIs on your behalf. Consider whether you want that PAT saved in plaintext in those files.
Persistence & Privilege
always:false (normal). The skill guides you to add persistent configuration (openclaw.json entries and cron jobs) that enable scheduled autonomous runs and outgoing notifications. This is expected for a monitoring/alerting skill, but it increases blast radius if the PAT or gateway token is compromised — the skill itself does not request higher platform privileges or modify other skills.
Assessment
This skill appears to do what it claims, but review the following before installing: (1) Approve only the mcporter exec prompt when it appears and verify the mcporter/testdino-mcp packages are the official npm packages you expect. (2) Be aware you must store your TESTDINO_PAT in config files (~/.openclaw/openclaw.json and ~/.mcporter/mcporter.json), which persists a long-lived secret — consider creating a PAT with limited scope or rotating it periodically, and ensure those files have strict filesystem permissions. (3) The install-check script expects Node.js/npx and curl; make sure Node.js 18+ is installed. (4) Cron jobs will let the agent autonomously call TestDino and post to your channels (Slack/Discord/Telegram) — double-check destination IDs and gateway tokens you provide. (5) If you need higher assurance, inspect the mcporter and testdino-mcp package sources on npm/GitHub before installing and avoid pasting sensitive tokens into CLI history or shared shells.Like a lobster shell, security has layers — review code before you run it.
latestvk978za7mnv1fybhjn38mwcgn9s84bmvv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
OSLinux · macOS · Windows
Binsmcporter, testdino-mcp
EnvTESTDINO_PAT
Primary envTESTDINO_PAT