Flatnotes + Tasks.md GitHub Audit

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

When run, the skill can execute gh commands in your local environment and use whatever GitHub account the CLI is currently configured for.

Why it was flagged

The bundled script runs the local GitHub CLI. This is aligned with the stated GitHub reconciliation purpose, but it is still local tool execution.

Skill content

`import { execFile } from 'node:child_process'; ... await execFileP('gh', args, { timeout: 30_000, maxBuffer: 10 * 1024 * 1024, ...opts });`

Recommendation

Run it intentionally from a trusted directory and verify that gh is authenticated to the intended GitHub account.

What this means

The audit may access private GitHub PR metadata that your local gh account can read.

Why it was flagged

The skill expects to use the local gh authentication state when available. The artifacts show read-oriented PR listing, not token capture or GitHub mutation.

Skill content

If `gh` is not authenticated, the audit still runs but GitHub checks will be marked as `SKIPPED_GITHUB`.

Recommendation

Make sure the active gh account and repository access are appropriate before running the audit.

What this means

The report may include project names, task titles, file paths, missing-link information, and GitHub reconciliation details.

Why it was flagged

The audit reads local task and note stores, which can contain private project details. This is necessary for the stated purpose, but users should treat generated reports as potentially sensitive.

Skill content

Tasks.md root: `/home/ds/.config/appdata/tasksmd/tasks` ... Flatnotes root: `/home/ds/.config/appdata/flatnotes/data`

Recommendation

Inspect `tmp/flatnotes-tasksmd-audit.md` and `.json` before sharing them, and override the roots only to directories you intend to audit.

What this means

Installation metadata may not warn users that running the skill depends on Node and optionally the GitHub CLI.

Why it was flagged

The skill is packaged without declared runtime requirements, while SKILL.md instructs running a Node script and using gh. This is an under-declared dependency/provenance issue, not evidence of hidden behavior.

Skill content

No install spec — this is an instruction-only skill. ... Required binaries (all must exist): none

Recommendation

Confirm Node is expected, review the bundled script before running it, and authenticate gh only if you want GitHub checks performed.

Findings (1)

critical

suspicious.dangerous_exec

Location

`scripts/audit.mjs:53`

Finding

Shell command execution detected (`child_process`).