suspicious.dangerous_exec
- Location: scripts/setup-crons.js:875
- Finding: Shell command execution detected (child_process).
Advisory
Audited by static analysis on May 10, 2026.
Detected: suspicious.dangerous_exec
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Podcast episodes may be based on sensitive project notes, priorities, metrics, or blockers from your workspace.
The skill explicitly reads workspace memory files and uses the Superlore API to generate podcast briefings, so private work context may leave the local workspace.
network: "HTTPS requests to superlore-api.onrender.com" ... filesystem: "Reads workspace files (memory/*.md, JOBS.md, HEARTBEAT.md, MEMORY.md)."
Use this only in workspaces whose contents you are comfortable sending to Superlore. Review dry-run output where available, avoid storing secrets in memory files, and verify episodes are created as private.
Anyone or any process that can read your shell profile may be able to access the Superlore API key.
The setup wizard can store the Superlore API key in the user's shell startup file so future runs can authenticate.
fs.appendFileSync(rcFile, `\n# Superlore Podcast Briefings\nexport SUPERLORE_API_KEY="${apiKey}"\n`);
Save the key to your shell profile only if you are comfortable with that persistence. Keep file permissions tight and rotate the key if it is exposed.
If scheduled, the skill may continue generating podcast episodes and sending workspace context on the configured cadence.
The skill supports recurring scheduled podcast generation, which is disclosed and user-confirmed but creates ongoing automated activity.
cron: "Setup wizard outputs openclaw cron commands for scheduling. Runs them only with explicit user confirmation."
Confirm the exact schedule before enabling it, periodically review configured OpenClaw cron jobs, and remove schedules you no longer want.
Running the setup wizard may execute local scheduling commands, not just print instructions.
The setup script imports Node's child_process functionality, and the static scan also reported shell command execution in this file.
const { execFileSync } = require('child_process');
Run the setup script only from a trusted checkout, read any commands it proposes before confirming, and add cron jobs manually if you prefer stricter control.