suspicious.dynamic_code_execution
- Location
- server.js:74
- Finding
- Dynamic code execution detected.
Advisory. Audited by static analysis on May 10, 2026.
Detected: suspicious.dynamic_code_execution, suspicious.env_credential_access
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If this server is running, a crafted calculation could read environment variables or local files, modify app data, or run other Node.js code with the app's privileges.
The /api/calculate route evaluates user-controlled request body content as JavaScript inside the Node.js server, not just as a restricted math expression.
const { expression } = req.body;
// use eval for the math calculation
const result = eval(expression);

Replace eval with a safe, restricted math parser; validate allowed operators/functions; and do not expose this endpoint until it is fixed.
A browser page or network client may be able to call the local app's powerful endpoints if the server is reachable.
The app enables global CORS and exposes the calculator as an HTTP API route, making the unsafe eval-backed tool easier to invoke from other origins while the local server is running.
app.use(cors());
...
app.post('/api/calculate', async (req, res) => {

Restrict CORS to the app's own origin, bind only to localhost when appropriate, and add authentication or explicit user approval for risky routes.
If you provide a HISTORY_API_KEY, the app will use it for API Ninjas history requests even though the documentation states that no authentication is needed.
The code may read and send a HISTORY_API_KEY to the fallback history API, while the registry metadata declares no env vars and SKILL.md says the integrated APIs need no authentication.
'X-Api-Key': process.env.HISTORY_API_KEY || 'demo_key'
Declare the optional environment variable, document exactly where the key is sent, and use a narrowly scoped API key.
Translated text, calculator expressions, and fetched results may remain on disk and be exportable from the app.
The app persists user queries and results locally as search history, retaining up to 50 entries.
preferences.searchHistory.unshift(historyItem); // keep only the most recent 50 entries
Avoid entering sensitive text unless you are comfortable with local retention, and use the clear/export controls deliberately.
Installing the app will execute the normal npm dependency installation workflow for the included Node project.
The skill is presented as instruction-only with no install spec, but its own instructions require installing and running a Node.js dependency tree.
npm install ... npm start
Review package.json/package-lock.json and run the app in a contained environment, especially until the eval issue is fixed.