Slide Editor

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill largely matches its slide-editing purpose, but its helper script opens files using an unsafe shell command that could run unintended local commands if given a crafted file path.

Install only from a trusted copy, back up presentations before injecting the editor, and avoid using the --open workflow on files with unusual or untrusted paths until the shell-opening code is made safe.

Static analysis

Dangerous exec

Severity: Critical

Finding

Shell command execution detected (child_process).

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent or user opens an HTML file whose path contains shell metacharacters, the helper could execute unintended local commands.

Why it was flagged

outputFile is derived from command-line input and interpolated directly into a shell command string. Wrapping the path in double quotes does not prevent shell expansion or command substitution in a crafted path.

Skill content

const fileUrl = `file://${outputFile}?edit=1`; ... execSync(`open "${fileUrl}"`, { stdio: 'ignore' });

Recommendation

Use a safe browser-opening API or child_process.spawn/execFile with argument arrays, validate paths, and avoid shell interpolation for user-controlled filenames.

What this means

Running the command on the wrong file could alter the original presentation.

Why it was flagged

The recommended workflow modifies the selected HTML file and enables the editor automatically. This is disclosed and aligned with the editor purpose, but it is still a local file mutation.

Skill content

bun ~/projects/slide-editor/inject.ts <html-file> --inline --enable --open ... This will: 1. Inject the editor bundle into the HTML file 2. Automatically open the browser with editor enabled

Recommendation

Work on a copy or use an explicit output file, and use the documented remove/clean export workflow before sharing if the editor should not remain embedded.

What this means

Installing and building the tool may execute third-party installer or dependency code on the local machine.

Why it was flagged

The setup instructions require running remote installer/package-manager commands. This is a common disclosed setup path, but it depends on external sources and is not represented by a registry install spec.

Skill content

curl -fsSL https://bun.sh/install | bash ... powershell -c "irm bun.sh/install.ps1 | iex" ... bun install

Recommendation

Install Bun from the official source, verify the project source and dependency lock state before building, and prefer a constrained environment if unsure.

What this means

A shared HTML presentation may still contain the editor bundle/API if the user does not remove it or export a clean version.

Why it was flagged

The editor can be embedded into the HTML file and later removed. This is intentional persistence within the edited presentation, not hidden background behavior.

Skill content

# Inline mode (single file, portable) ... --inline --enable ... # Remove editor from HTML ... --remove

Recommendation

Use the clean export or --remove option before distributing presentations that should not include the editor.