ClawHub
Back to skill
Skillv4.0.2

Static analysis security

Bloom Discovery · Deterministic local checks for risky code patterns and metadata mismatches.

Scanner verdict

SuspiciousApr 30, 2026, 5:03 AM
Summary
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
Reason codes
suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
Engine
v2.4.5

Evidence

criticalscripts/deploy-sbt.ts:40
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalsrc/integrations/bird-twitter.ts:103
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalsrc/bloom-identity-skill-v2.ts:77
Environment variable access combined with network send.
suspicious.env_credential_access
criticalsrc/bloom-mission-skill.ts:14
Environment variable access combined with network send.
suspicious.env_credential_access
criticalsrc/discovery-sync.ts:140
Environment variable access combined with network send.
suspicious.env_credential_access
criticalsrc/metrics/reporter.ts:16
Environment variable access combined with network send.
suspicious.env_credential_access
criticalsrc/recommendation-pipeline.ts:315
Environment variable access combined with network send.
suspicious.env_credential_access
criticalsrc/registry/erc8004.ts:51
Environment variable access combined with network send.
suspicious.env_credential_access
criticalsrc/usecase/claim.ts:13
Environment variable access combined with network send.
suspicious.env_credential_access
criticalsrc/utils/disk-cache.ts:45
Environment variable access combined with network send.
suspicious.env_credential_access
warnsrc/bloom-identity-skill-v2.ts:44
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnsrc/discovery-sync.ts:52
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnsrc/utils/disk-cache.ts:8
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration