Dangerous exec
- Finding: Shell command execution detected (child_process).
Security checks across static analysis, malware telemetry, and agentic risk
The skill mostly matches its NewAPI management purpose, but it includes broad credential loading and an arbitrary shell-command helper that can run commands with a real API key.
Install only if you are comfortable giving this skill NewAPI management access. Avoid exec-token unless you fully trust and review the exact command, prefer placeholder-based config updates, keep .env files minimal, and consider using a dedicated low-privilege NewAPI access token.
VirusTotal findings are pending for this skill version.
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or malicious command could expose the API key or make unwanted changes on the user's machine or in another tool.
The helper inserts the real NewAPI key into a user-supplied command string and runs it through a shell. Output is sanitized afterward, but the command itself can still leak the key, store it, or perform unrelated local/network actions.
`const realCommand = commandTemplate.split(placeholder).join(fullKey); ... stdout = execSync(realCommand, { shell: true, ... timeout: 30000 });`
Use exec-token only for explicit, trusted, user-reviewed commands. Prefer apply-token for config files, avoid `shell: true` where possible, pass secrets through stdin or a restricted environment, and add command allowlists or confirmation for high-impact actions. Note that `execSync` always runs its command string through a shell and the `shell` option only selects which shell is used, so removing shell interpretation means switching to `execFileSync` with an explicit argument array.
Secrets unrelated to NewAPI may become available to the skill process or to commands run through the skill.
The loader imports every variable from project and skill .env files into process.env rather than only NEWAPI_BASE_URL, NEWAPI_ACCESS_TOKEN, and NEWAPI_USER_ID. That can pull unrelated project secrets into the skill process and any child commands it starts.
`loadEnv(path.join(projectRoot, ".env")); loadEnv(path.join(skillDir, ".env")); ... if (process.env[key] === undefined) { process.env[key] = value; }`
Limit .env parsing to the three NewAPI variables, declare the required credentials in metadata, and run child commands with a minimal explicit environment.
The skill can create usable API credentials, change token access groups, and access token keys when asked.
The skill is designed to create and modify NewAPI tokens and retrieve real token keys. This matches the stated purpose, but it requires meaningful account authority.
`create-token` ... POST /api/token/ ... `switch-group` ... PUT /api/token/ ... `copy-token` ... retrieves the real key for a token
Use a least-privilege NewAPI access token if available, review token/group changes before running them, and revoke any token that may have been exposed.
If redaction misses a secret, sensitive config content could appear in the conversation.
scan-config intentionally reads selected config files and returns sanitized content to the agent context. The docs disclose that redaction is heuristic and may miss some secrets.
`scan-config` provides a best-effort structural view ... not guaranteed to catch every sensitive value in every file format
Run scan-config only on files you intend to share structurally, avoid highly sensitive files when possible, and manually review unusual formats before exposing them to the agent.