suspicious.dangerous_exec
- Location: scripts/monitor.cjs:79
- Finding: Shell command execution detected (child_process).
Advisory
Audited by static analysis on May 10, 2026.
Detected: suspicious.dangerous_exec
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe they limited monitoring to selected threat types, but the skill can still inspect auth logs, ports, processes, Docker status, and credential files.
The threats option is printed but not used to decide which checks run. Despite SKILL.md advertising --threats=credentials,ports,api-calls for specific threats, the script runs all monitors, including sensitive file and system checks.
console.log(`Threats: ${threats}`); ... checkFailedLogins(); checkOpenPorts(); checkProcessAnomalies(); checkFileChanges(); checkApiKeyUsage(); checkDockerHealth();
Implement an enforced allowlist for the threats option and clearly document which checks run by default, especially checks that read credential or system files.
Running the monitor gives it access to local API credential material, even if it currently only records service names.
The script opens a likely credential file and inspects provider names. It does not log token values, but the sensitive file access is not clearly declared in the registry requirements.
const envContent = fs.readFileSync('/root/clawd/skills/.env', 'utf8'); ... log('INFO', 'API credentials present', { services: envContent.match(/(?:TWITTER|KAPSO|WHATSAPP)/g) || [] });
Make credential-file inspection explicit and opt-in, declare the config path, avoid reading secret values where possible, and log only non-sensitive metadata.
If run with elevated privileges, the skill can inspect sensitive system logs, network listeners, process lists, and Docker status.
The script uses shell execution to inspect local security state. The commands are hard-coded and aligned with monitoring, but they expand what the skill can observe on the host.
const { execSync } = require('child_process'); ... execSync('tail -100 /var/log/auth.log ...'); ... execSync('ss -tlnp ...'); ... execSync('ps aux ...');
Review the commands before use and run the monitor with the least privilege that still permits the checks you need.
Local alert/state files may reveal security events or be tampered with to affect future monitoring results.
The monitor persists alert history and state locally for reuse across checks. This is purpose-aligned, but the stored security context may contain IPs, paths, and service names.
const STATE_FILE = '/root/clawd/clawdbot-security/.monitor-state.json'; ... state.alerts.unshift(entry); state.alerts = state.alerts.slice(0, 100); ... fs.writeFileSync(STATE_FILE, JSON.stringify(state, null, 2));
Protect the log/state directory with appropriate file permissions and define retention or cleanup expectations.
The monitor can keep executing periodic checks after startup until the process manager or daemon is stopped.
The skill explicitly supports daemon/background operation. This persistence is disclosed and expected for real-time monitoring.
No external dependencies required. Runs as a background process. ... pm2 start monitor.cjs --name "clawdbot-security" -- --daemon --interval 60
Use a known process manager, document the stop command, and periodically review whether the background monitor is still needed.