Social Media Marketing Hub

Advisory: Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI03: Identity and Privilege Abuse
What this means

TikHub or DeepSeek API keys could be exposed to anyone who can see command output or logs.

Why it was flagged

The documented config command takes API keys, and this code prints those key values to stdout, where they may be captured in terminal or agent logs.

Skill content
```javascript
console.log('  export TIKHUB_TOKEN=' + (tikhubToken || '你的Token'));
console.log('  export DEEPSEEK_KEY=' + (deepseekKey || '你的Key'));
```
Recommendation

Use environment variables instead of the config command, mask secrets in output, and update metadata to clearly declare the required credentials.

Concern (High Confidence)
ASI05: Unexpected Code Execution
What this means

Running browser analysis could disrupt other local GUI/browser jobs on the same machine.

Why it was flagged

Browser mode uses shell execution and kills any matching Xvfb process rather than only a skill-owned process.

Skill content
```javascript
execSync('pkill -f "Xvfb :[0-9]*" 2>/dev/null; sleep 1', { stdio: 'ignore' });
```
Recommendation

Avoid broad `pkill`; track and clean up only processes started by this skill, and document the browser-mode side effects clearly.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

A crafted keyword containing path separators could write JSON files outside the intended memory folder.

Why it was flagged

The user-provided keyword is used directly in a filesystem path without visible sanitization or containment checks.

Skill content
```javascript
const file = path.join(MEMORY_DIR, `${keyword}.json`);
...
fs.writeFileSync(file, JSON.stringify(merged, null, 2));
```
Recommendation

Sanitize keywords for filenames, reject path separators, resolve the final path, and verify it remains inside the memory directory before writing.

What this means

Past analysis data and keywords remain on disk and may influence later generated titles or scripts.

Why it was flagged

The skill intentionally persists analysis results and reuses them across future outputs.

Skill content
`analyze / a / product / author` results are stored in `scripts/memory/<词>.json` ... all analysis results accumulate; the more you analyze, the better the AI understands your niche
Recommendation

Do not analyze confidential topics unless you are comfortable storing them locally; periodically review or delete the memory files.

What this means

Users may have to rely on a manually cloned repository without strong registry provenance.

Why it was flagged

The registry metadata does not provide a source/homepage/install spec even though the docs instruct cloning an external GitHub repository.

Skill content
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Recommendation

Verify the GitHub repository and version before use, and prefer a pinned or registry-declared source.

Findings (1)

critical

suspicious.dangerous_exec

Location
scripts/marketing_hub.js:244
Finding
Shell command execution detected (child_process).