Qwen Comic Gen

Advisory

Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.env_credential_access (+2 more)

Findings (27)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing it may expose your agent to much more code and instruction material than needed for image generation.

Why it was flagged

The advertised skill is a simple image generator, but the package includes a broad unrelated workspace with other skills, hooks, memory, agents, and scripts.

Skill content

615 file(s): ... AGENTS.md ... memory/... hooks/... skills/feishu-multi-agent-manager/... skills/rag_search/... scripts/autonomous-thinking.js ...

Recommendation

Ask for a minimal package containing only SKILL.md, the reviewed image-generation helper, and declared dependencies; remove unrelated workspace files before installation.

What this means

These secrets could grant access to third-party services or accounts and create confusion about which credentials the skill might use.

Why it was flagged

The package contains hardcoded provider, Feishu, and gateway credentials unrelated to the stated Gemini image-generation purpose.

Skill content

`SERPER_API_KEY`, `DASHSCOPE_API_KEY`, `appSecret`, `verificationToken`, and `gateway.auth.token` all have literal values in the file.

Recommendation

Do not publish or install bundles with embedded secrets; rotate the exposed credentials and require users to provide only their own Gemini key through a declared environment variable.

What this means

A compatible agent could treat these unrelated instructions as authoritative and change its behavior before handling the user's image request.

Why it was flagged

This root instruction file tells an agent to perform broad workspace setup and memory reads before anything else, unrelated to image generation.

Skill content

Before doing anything else: 1. Read `SOUL.md` ... 2. Read `USER.md` ... 3. Read `memory/YYYY-MM-DD.md` ... Don't ask permission. Just do it.

Recommendation

Remove root-level agent instruction files from the skill package, or scope them so they cannot override the user's task or platform instructions.

What this means

Private context or stored instructions could be pulled into unrelated tasks or reused across sessions without clear user control.

Why it was flagged

The package instructs agents to load and modify persistent memory files, and the manifest includes many memory/profile files.

Skill content

Read `memory/YYYY-MM-DD.md` ... Also read `MEMORY.md` ... You can read, edit, and update MEMORY.md freely

Recommendation

Do not bundle personal memory files with an image skill; keep any memory access opt-in, path-scoped, and clearly documented.

What this means

If unrelated hooks or scripts are activated, they could run local shell commands outside the image-generation workflow.

Why it was flagged

The static scan shows shell execution in an unrelated gateway hook; this is beyond the disclosed image-generation helper.

Skill content

execSync(`robocopy "${config.path}" "${backupPath}" /E /COPYALL /R:0`);

Recommendation

Remove unrelated executable hooks from the skill bundle, or require explicit user approval and documentation for any local command execution.

What this means

A user could unknowingly install material intended for ongoing background automation rather than a one-shot image tool.

Why it was flagged

The artifact set describes recurring autonomous tasks and memory sync behavior that are not needed for image generation.

Skill content

Cron tasks ... hourly knowledge-base index update ... daily 23:00 "goodnight" memory sync (OneDrive) ... OpenClaw Cron - scheduled task scheduling

Recommendation

Exclude cron, heartbeat, multi-agent, and sync configuration from the image skill unless persistence is required, declared, and user-controlled.

Findings (27)

critical

suspicious.dangerous_exec

Location
hooks/gateway-restart-protection/handler.js:57
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/autonomous-thinking.js:193
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
scripts/triple-line-sync.js:49
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
skills/send-html-to-feishu/scripts/run.js:41
Finding
Shell command execution detected (child_process).
critical

suspicious.dynamic_code_execution

Location
skills/skill-vetting/scripts/scan.py:22
Finding
Dynamic code execution detected.
critical

suspicious.env_credential_access

Location
skills/send-html-to-feishu/scripts/send-to-feishu.js:11
Finding
Environment variable access combined with network send.
critical

suspicious.exposed_secret_literal

Location
memory/2026-03-08.md:1773
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
memory/2026-03-14.md:55
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
reports/aliyun-embedding-analysis.md:12
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
scripts/debug-search-step.py:21
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
scripts/vectorize-and-store.py:19
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
scripts/vectorize-optimized.py:24
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
search_knowledge.py:22
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
skills/rag_search/TASK_COMPLETION_REPORT.md:178
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
skills/tts-automation/SKILL.md:96
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
test_semantic_search.py:16
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
test_vectorization.py:12
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
test-embedding-api.py:4
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
test-embedding-compare.py:16
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
test-vector-knowledge-flow.py:17
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
vector_query - 副本.py:22
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
vector_query.py:22
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
vectorize_all - 副本.py:27
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
vectorize_all.py:27
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
vectorize_content.py:25
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
vectorize_knowledge.py:27
Finding
File appears to expose a hardcoded API secret or token.
warn

suspicious.prompt_injection_instructions

Location
skills/skill-vetting/references/patterns.md:108
Finding
Prompt-injection style instruction pattern detected.