Hik-Cloud (海康云眸) Device Basic Management

Advisory

Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dynamic_code_execution

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could accidentally delete, rename, register, or reboot the wrong device if a user request is ambiguous.

Why it was flagged

The skill exposes mutating device operations, but only reboot is explicitly called out for reconfirmation; deletion and renaming can also materially affect the user's device account.

Skill content
This skill only handles the following capabilities: - Register device - Delete device - Rename device ... - Reboot device ... Device reboot is a high-impact operation; reconfirm the device serial number before executing it.
Recommendation

Require explicit confirmation for every mutating action, especially delete and reboot, showing the device serial, target group/name, and expected impact before executing.

What this means

If a custom or malicious base URL is configured, the Hik client secret or access token could be sent to an unintended server.

Why it was flagged

The OAuth token request is built from the selected base URL and includes the client secret; the shown normalization does not restrict the host to Hik-Cloud domains.

Skill content
def normalize_base_url(base_url: str) -> str: ... return normalized.rstrip("/") ... url=base_url.rstrip("/") + TOKEN_PATH ... "client_secret": client_secret
Recommendation

Restrict base URLs to trusted Hik-Cloud endpoints by default, require explicit user confirmation for custom hosts, and warn that custom hosts receive OAuth credentials.

What this means

Anyone or any local process with access to that cache file may be able to reuse the token until it expires.

Why it was flagged

The helper persists token data in a local cache file, which is disclosed and purpose-aligned but still stores account access material on disk.

Skill content
DEFAULT_TOKEN_CACHE = Path.home() / ".cache" / "hik_open" / "token.json" ... cache_file.write_text(json.dumps(payload, ensure_ascii=False, indent=2), encoding="utf-8")
Recommendation

Use restrictive file permissions or a secure secret store for the token cache, and clear the cache when credentials should no longer be usable.

What this means

Users have less external provenance information to verify before granting Hik-Cloud credentials.

Why it was flagged

The package provenance is not documented, which matters more because the skill requires cloud credentials and can mutate device state.

Skill content
Source: unknown; Homepage: none
Recommendation

Verify the publisher and compare the endpoints/behavior against official Hik-Cloud documentation before using production credentials.

What this means

This static finding is unlikely to affect normal skill use unless the tests are run.

Why it was flagged

The dynamic execution flagged by the static scanner is in test code that imports the local script under test, not in the documented runtime workflow.

Skill content
SPEC.loader.exec_module(MOD)
Recommendation

No user action is needed for normal use; maintainers can suppress or document this test-only import pattern.

Findings (1)

Severity
critical
Rule
suspicious.dynamic_code_execution
Location
tests/test_hik_open_device_management.py:16
Finding
Dynamic code execution detected.