Back to skill
Skillv1.0.0
Static analysis security
hubstudio · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 30, 2026, 5:15 AM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.destructive_delete_command, suspicious.env_credential_access (+2 more)
- Reason codes
- suspicious.dangerous_execsuspicious.destructive_delete_commandsuspicious.env_credential_accesssuspicious.install_untrusted_sourcesuspicious.potential_exfiltration
- Engine
- v2.4.5
Evidence
criticalplaywright_hubstudio_baidu_demo.js:11
Shell command execution detected (child_process).
suspicious.dangerous_exec
warnREADME.md:181
Documentation contains a destructive delete command without an explicit confirmation gate.
suspicious.destructive_delete_command
criticalhubstudio.js:8
Environment variable access combined with network send.
suspicious.env_credential_access
warncommands.generated.json:2
Install source points to URL shortener or raw IP.
suspicious.install_untrusted_source
warnhubstudio.js:7
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration