FBS-BookWriter

Advisory: Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec

Findings (33)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run local scripts that read and write files in the chosen project, build deliverables, and perform checks.

Why it was flagged

The skill intentionally gives the agent local command-execution workflows. This is disclosed and central to the book-writing pipeline, but it is still powerful local tooling.

Skill content
Makes it easy to call the same Node toolchain via **shell/exec** inside the Gateway ... use OpenClaw **exec / shell**; **cwd must be the skill root**
Recommendation

Use a dedicated book project folder, keep the working directory constrained to the skill/book root, and review high-impact commands before allowing them.

What this means

Installing and using the skill means allowing its Node scripts to execute locally.

Why it was flagged

Static scan evidence shows the package spawns Node subprocesses. The visible snippets mostly run bundled scripts, which matches the stated script-driven design.

Skill content
const child = spawn(process.execPath, [scriptPath, ...args], {
Recommendation

Install only from a trusted source, prefer sandboxing where possible, and avoid running optional maintenance or publishing scripts unless you understand them.

What this means

npm installation may download and execute package lifecycle code from dependencies.

Why it was flagged

The skill relies on npm dependencies after installation. This is normal for its Node-based export/build features, but dependency provenance matters.

Skill content
Run the dependency install once in the skill root:  
   `npm install` (Node ≥18; optional dependencies are used for HTML/Docx and similar outputs, see `optionalDependencies` in `package.json`)
Recommendation

Review package.json/lockfile when available, install in a controlled environment, and keep dependencies updated.

Concern: Medium Confidence
ASI03: Identity and Privilege Abuse
What this means

The skill may contain account, token, entitlement, or purchase-related paths that are not clearly explained in the installation/credential contract.

Why it was flagged

These high-impact capabilities conflict with the registry requirement section that declares no env vars and no primary credential.

Skill content
- can-make-purchases
- requires-oauth-token
- requires-sensitive-credentials
Recommendation

Before installation or use, require the publisher to document exactly which credentials are used, their scopes, whether any purchase/credit action can occur, and what user confirmation is required.

What this means

Draft content, preferences, project state, or summaries may persist across sessions and could affect later writing unless cleared.

Why it was flagged

The skill stores and mutates persistent project/host memory. This supports session recovery, but it can also preserve sensitive writing context or influence future sessions.

Skill content
"hostMemory": {
    "operations": ["create", "update", "delete"],
    "updateRequiresId": true,
    "deleteOnUserContradiction": true,
    "authoritativeBookState": ".fbs/smart-memory/ 与 session-exit 落盘"
Recommendation

Use this only for projects where persistent memory is acceptable, and ask for clear controls to view, export, disable, and delete stored memory.

Findings (33)

critical

suspicious.dangerous_exec

Location
scripts/agents/audit-agent.mjs:83
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/agents/audit-query-optimization.mjs:10
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/agents/audit-temporal-accuracy.mjs:10
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/agents/audit-term-consistency.mjs:10
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/agents/deploy-agent.mjs:584
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/agents/research-agent.mjs:109
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/agents/validation-agent.mjs:75
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/agents/writing-agent.mjs:234
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/audit-entry-performance.mjs:37
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/book-health-snapshot.mjs:52
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/delivery-chain.mjs:27
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/env-preflight.mjs:57
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/evolution-gate.mjs:29
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/fbs-cli-bridge.mjs:27
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/fbs-doctor.mjs:25
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/init-project-memory.mjs:55
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/intake-router.mjs:118
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/launch-presentation-preview.mjs:187
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/lib/channel-pack.mjs:283
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/lib/git-workspace-changes.mjs:24
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/lib/pack-skill-gates.mjs:150
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/lib/workbuddy-host-runtime.mjs:61
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/midterm-execution-chain.mjs:61
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/polish-gate.mjs:259
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/publish-clawhub.mjs:65
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/quality-audit-incremental.mjs:123
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/quality-panorama-orchestrator.mjs:198
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/run-p0-audits.mjs:82
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/s3-guard.mjs:84
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/s3-start-gate.mjs:142
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/smoke-pack-verify.mjs:14
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/standard-execution-chain.mjs:109
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/wecom/wecom-client.mjs:97
Finding
Shell command execution detected (child_process).