ClawHub
Back to skill
Skillv0.1.0

Static analysis security

干饭 skill · Deterministic local checks for risky code patterns and metadata mismatches.

Scanner verdict

SuspiciousApr 30, 2026, 5:35 AM
Summary
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
Reason codes
suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
Engine
v2.4.5

Evidence

criticalvendor/amap-lbs-skill/scripts/route-planning.js:174
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalvendor/amap-lbs-skill/index.js:59
Environment variable access combined with network send.
suspicious.env_credential_access
warnvendor/amap-lbs-skill/index.js:14
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration