TestDino — Test Memory for Agents

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed TestDino CI integration, but it should be installed only by users comfortable granting a TestDino token and approving local command execution.

Install only if you trust the TestDino MCP/npm packages and are comfortable giving OpenClaw a TestDino PAT plus approved mcporter execution. Use the least-privileged token available, avoid sharing or committing config files, restrict local file permissions, and review any cron jobs because they can send CI metadata to Slack, Discord, Telegram, WhatsApp, or similar destinations.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection

Findings (8)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill clearly instructs the agent to use the `exec` tool to launch external binaries (`mcporter`, `testdino-mcp`), which is shell-capable behavior, yet no explicit permissions declaration or user-facing gating is present. That creates an execution surface where natural-language requests can trigger local subprocesses without transparent consent or policy scoping.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding: The skill is presented as a read-oriented CI intelligence integration, but the README also advertises mutation capabilities such as creating and updating manual test cases and suites. That expands the permission surface beyond the stated purpose, increasing the chance that users grant more authority than necessary and that prompt/tool misuse could cause unauthorized changes in TestDino.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding: Including manual test case and suite creation/update operations in a CI intelligence skill violates least privilege and creates unnecessary write access. If the agent is induced to call these tools, it could alter test artifacts, corrupt workflow data, or be abused for unauthorized changes despite the user expecting mostly read-only analysis.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The README instructs users to place a personal access token directly into plaintext configuration files under their home directory without any warning about credential handling. This raises the risk of token disclosure through local compromise, backups, dotfile sync, screenshots, shell history, or accidental sharing of config files.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The README normalizes approving `mcporter` once so future `exec` invocations run automatically, but does not explain that this grants ongoing subprocess execution capability to the agent. In this skill’s context, that makes prompt misuse or future skill changes more dangerous because the agent can repeatedly invoke local commands without fresh scrutiny.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: The skill is designed around broad plain-English prompts like 'show failures' or 'how did CI look,' which can overlap with ordinary conversation and increase the chance of accidental invocation. Because invocation leads to external command execution and access to CI data via a PAT-backed connector, unintended triggering has meaningful security and privacy implications.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The manifest advertises use of `TESTDINO_PAT`, a sensitive credential, but the skill text does not provide a clear warning about token sensitivity, storage expectations, or the scope of data accessible through it. This can lead users to expose or misuse credentials without understanding that the skill can query potentially sensitive CI and test history data.

Missing User Warnings

Severity: Low
Confidence: 91%
Finding: The skill repeatedly instructs the agent to use `exec` for external command execution but gives no user-facing warning that local subprocesses will be launched. Even though the commands are specific, silent subprocess execution reduces transparency and can surprise users in environments where local command execution is sensitive or restricted.

VirusTotal

65/65 vendors flagged this skill as clean.