Is test-runner safe?
https://clawhub.ai/cmanfre7/test-runner
test-runner is a benign, documentation-only skill that provides reference material for writing and running tests across multiple languages and frameworks. It contains no executable code, no install scripts, no hidden instructions, and no data exfiltration vectors. The only files in the skill are SKILL.md (a markdown reference guide) and metadata JSON files. All monitoring signals are clean with no network activity and intact canary files.
Findings (3)
LOW Implicit shell execution authority -5
The skill instructs the agent to run shell commands (npm install, npx vitest, npx jest, npx playwright install, pytest, swift test). While this is the expected purpose of a test-runner skill, it grants the agent implicit authority to execute arbitrary shell commands in the testing context.
LOW Playwright browser binary download -5
The skill includes 'npx playwright install' which downloads browser binaries from the internet. This is standard Playwright usage but represents a network-fetching operation.
INFO Host runtime reads sensitive files during initialization -10
The OpenClaw agent runtime (not the skill) read .env, .aws/credentials, .openclaw/openclaw.json, .profile, and .bashrc during its initialization sequence. This is platform behavior unrelated to the skill content, as the skill contains no executable code or install hooks.