critical
suspicious.dangerous_exec
- Location
- scripts/export-to-notes.js:160
- Finding
- Shell command execution detected (child_process).
skroller
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.env_credential_access (+1 more)
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
ConcernHigh Confidence
ASI05: Unexpected Code ExecutionWhat this means
A malicious social-media post included in an export could run commands on the user's computer.
Why it was flagged
Scraped post text is placed into markdown, then interpolated into a shell command with incomplete escaping; title and tags are also interpolated. A crafted post or argument could execute local shell commands when exporting to Bear.
Skill content
const tagArgs = tagList.map(t => `--tag "${t}"`).join(' '); const escaped = markdown.replace(/"/g, '\\"').replace(/\$/g, '\\$'); const command = `echo "${escaped}" | grizzly create --title "${title}" ${tagArgs}`; execSync(command, { stdio: 'inherit' });Recommendation
Do not use the Bear export until it is rewritten to avoid shell interpolation, such as using execFile/spawn with argument arrays and passing note content through stdin.
ConcernMedium Confidence
ASI03: Identity and Privilege AbuseWhat this means
Exports could use unexpected account authority or send collected content to an account the user did not intend.
Why it was flagged
The exporter reads provider credentials and the static scan shows an apparent hardcoded Microsoft Graph token that would take precedence over the environment token.
Skill content
const notionKey = apiKey || process.env.NOTION_API_KEY; ... accessToken: [REDACTED] || process.env.MS_GRAPH_TOKEN,
Recommendation
Remove any embedded tokens, require explicit user-supplied credentials, and declare Notion/Microsoft Graph credential requirements in metadata.
ConcernHigh Confidence
ASI02: Tool Misuse and ExploitationWhat this means
Using the skill as documented could violate platform rules, trigger account bans, or collect data in ways users did not intend.
Why it was flagged
The documentation goes beyond normal rate-limit guidance into evasion-style scraping practices, including residential proxy rotation and simulated human behavior.
Skill content
## Anti-Bot Avoidance ... Mouse Movement Simulation ... Proxy Rotation For high-volume scraping: - Use residential proxies - Rotate every 10-20 requests
Recommendation
Prefer official APIs, remove proxy/evasion guidance, and stop automation when platforms block or disallow access.
NoteHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
Dependency installation may pull a newer compatible package version than the author tested.
Why it was flagged
The skill depends on an external package with a semver range rather than a lockfile-pinned version; this is expected for Playwright scraping but should be installed from a trusted source.
Skill content
"dependencies": { "playwright": "^1.40.0" }Recommendation
Use a trusted package registry, review the package-lock if one is added, and pin dependency versions for reproducible installs.
NoteHigh Confidence
ASI06: Memory and Context PoisoningWhat this means
A local record of scraped post identifiers or URLs may remain after the task is done.
Why it was flagged
The deduplication feature persists seen scraped posts across runs in a local file.
Skill content
const seenPath = path.join(process.cwd(), '.skroller-seen.json'); ... fs.writeFileSync(seenPath, JSON.stringify(seen, null, 2));
Recommendation
Review or delete .skroller-seen.json when finished, and avoid storing scraped personal data longer than needed.
Findings (4)
critical
suspicious.dynamic_code_execution
- Location
- scripts/skroller.js:28
- Finding
- Dynamic code execution detected.
critical
suspicious.env_credential_access
- Location
- scripts/export-to-notes.js:232
- Finding
- Environment variable access combined with network send.
critical
suspicious.exposed_secret_literal
- Location
- scripts/export-to-notes.js:620
- Finding
- File appears to expose a hardcoded API secret or token.