suspicious.dangerous_exec
- Location: skill.js:50
- Finding: Shell command execution detected (child_process).
Advisory. Audited by static analysis on May 10, 2026.
Detected: suspicious.dangerous_exec
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search results may expose matching lines from local workspace files to the agent or terminal.
The skill runs the local ripgrep tool with a user-supplied query over the workspace. This matches the stated search purpose, but it is still local tool execution that can return workspace file contents.
const res = spawnSync('rg', ['-n', q, root], { encoding: 'utf8' });
Use the skill only in workspaces you intend to search, and consider adding a `--` separator before the query to avoid ripgrep option ambiguity.
The command may fail or use whatever `rg` binary is already installed on the local system.
The registry requirements declare no binaries, while `skill.js` depends on the external `rg` command. This is not hidden malicious behavior, but the runtime dependency is under-declared.
- Required binaries (all must exist): none
- Required binaries (at least one): none
Declare ripgrep as a required binary and ensure users install it from a trusted source.
Information written into notes may remain in the project and be reused or searched later.
The skill creates persistent decision-note files inside the workspace. This is expected for a memory/note skill, but stored notes can later influence work or contain sensitive information.
const dir = path.join(root, 'context'); ... fs.writeFileSync(file, body, 'utf8');
Review generated notes before relying on them, avoid storing secrets or private data, and keep the workspace scope limited.