Skillv2.6.2

Static analysis security

Js Eyes · Deterministic local checks for risky code patterns and metadata mismatches.

ReviewApr 30, 2026, 5:03 AM

Summary: Detected: suspicious.dangerous_exec, suspicious.potential_exfiltration
Reason codes: suspicious.dangerous_execsuspicious.potential_exfiltration
Engine: v2.4.5

criticalpackages/protocol/safe-npm.js:85

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalpackages/protocol/skill-runner.js:38

Shell command execution detected (child_process).

suspicious.dangerous_exec

warnpackages/protocol/registry-client.js:7

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warnpackages/protocol/skills.js:271

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration