critical
suspicious.dangerous_exec
- Location
- src/cli.js:32
- Finding
- Shell command execution detected (child_process).
YouTube Digest
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dangerous_exec
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
ConcernHigh Confidence
ASI02: Tool Misuse and ExploitationWhat this means
If the agent runs this skill on a malicious or malformed URL, unintended commands could execute on the user’s computer.
Why it was flagged
The CLI takes the URL from command-line arguments and interpolates it into a shell command. Double quotes do not safely prevent shell metacharacters or command substitution, and the code validates only that a YouTube-looking ID exists while still passing the original URL to the shell.
Skill content
const url = args[1]; ... execSync(`yt-dlp --dump-json --no-download "${url}"`, {Recommendation
Replace execSync shell strings with execFile/spawn using an argument array, or strictly accept only an 11-character video ID and reconstruct the YouTube URL internally before calling yt-dlp.
NoteHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
Users may not realize they need to install and trust an external command-line tool before the skill works.
Why it was flagged
The code requires an external yt-dlp binary, while the registry requirements list no required binaries and SKILL.md says it uses YouTube's transcript API. This is purpose-aligned but under-disclosed.
Skill content
execSync('which yt-dlp', { stdio: 'pipe' }); ... console.error('❌ yt-dlp is required. Install with: brew install yt-dlp');Recommendation
Declare yt-dlp as a required binary in metadata and document the actual implementation path clearly in SKILL.md.