critical
suspicious.dangerous_exec
- Location
- monitor.js:17
- Finding
- Shell command execution detected (child_process).
System Monitor Pro
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dangerous_exec
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
ConcernHigh Confidence
ASI02: Tool Misuse and ExploitationWhat this means
A crafted or mistaken remote host value could cause unintended local shell behavior, and disabling host verification makes it easier to connect to an impersonated remote machine.
Why it was flagged
The remote host argument comes from the command line and is inserted directly into a shell command; SSH host-key verification is also disabled.
Skill content
const remoteHost = args.includes('--remote') ? args[args.indexOf('--remote') + 1] : null; ... return run(`ssh -o ConnectTimeout=3 -o StrictHostKeyChecking=no ${remoteHost} "${escaped}"`);Recommendation
Avoid using --remote with untrusted or copied host strings until fixed. The maintainer should validate the host, reject option-like or shell-metacharacter input, use spawn/execFile with an argument array instead of shell concatenation, and keep SSH host-key checking enabled.
NoteHigh Confidence
ASI03: Identity and Privilege AbuseWhat this means
If remote mode is used, the skill runs monitoring commands under the user's SSH privileges on the target host.
Why it was flagged
Remote monitoring intentionally uses the user's existing SSH access to another machine.
Skill content
`--remote user@host` — Monitor a remote machine via SSH; `SSH access for remote monitoring (optional)`
Recommendation
Use remote mode only for machines you control, with least-privilege SSH accounts, and review the target host before running.
NoteHigh Confidence
ASI10: Rogue AgentsWhat this means
Periodic monitoring can repeatedly run local status commands and notify the user, which is useful but should not be enabled silently.
Why it was flagged
The skill documents an optional recurring monitoring setup that would keep running after initial installation if the user adds it.
Skill content
Add to your HEARTBEAT.md for periodic monitoring: `System Monitor (every 30 min)` ... `Run: node ~/.openclaw/workspace/skills/system-monitor-pro/monitor.js --alert-only`
Recommendation
Only add the HEARTBEAT.md entry deliberately, keep it local unless remote monitoring is necessary, and remove it when no longer wanted.