Back to skill
Skillv1.0.2
Static analysis security
openclaw-reflect · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 30, 2026, 5:01 AM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
- Reason codes
- suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
- Engine
- v2.4.5
Evidence
criticalhooks/session-end.js:35
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalscripts/apply.js:61
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalscripts/hook-pipeline.js:34
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalscripts/evaluate.js:30
Environment variable access combined with network send.
suspicious.env_credential_access
criticaltest/run-eval-test.js:28
Environment variable access combined with network send.
suspicious.env_credential_access
warnscripts/evaluate.js:42
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warntest/run-eval-test.js:140
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration