ai-supply-chain-security

Advisory

Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A scan could read credential-adjacent package-manager configuration, and careless report sharing could expose sensitive registry configuration or tokens if values are included.

Why it was flagged

The artifacts document scanning of account and package-manager configuration files that may contain registry tokens or credential-related settings, including global configs. They do not clearly state whether sensitive values are redacted from reports or notifications.

Skill content
`.npmrc`: ... Hardcoded `_authToken` values (CRITICAL) ... `always-auth=true` credential exposure ... `pip.conf / pip.ini`: ... Scans both project-level and global system config
Recommendation

Run it only on intended projects, inspect generated reports before sharing, avoid enabling webhooks until redaction is confirmed, and prefer a least-privilege environment for scans.

What this means

Installing/running the skill executes local scanner code on your machine.

Why it was flagged

The Node wrapper executes local Python commands to run the scanner. This is central to the CLI purpose and uses argument arrays rather than a shell pipeline.

Skill content
const result = require('child_process').spawnSync(cmd, ['--version']); ... const child = spawn(pythonCmd, pythonArgs, { stdio: 'inherit', cwd: scriptDir });
Recommendation

Run it from a trusted copy of the skill and pass explicit scan and output paths.

What this means

Dependency resolution can change over time, which matters for a security scanner that users may trust with private projects.

Why it was flagged

The Python dependencies are specified with lower-bound version ranges, so a fresh install may resolve to newer package versions not pinned by the artifact.

Skill content
pyyaml>=6.0
colorama>=0.4.6
watchdog>=3.0.0
Recommendation

Review or pin dependencies in your environment if you use this in CI or on sensitive repositories.

What this means

If enabled, security findings may be sent outside the local machine or repository.

Why it was flagged

The configuration supports sending notifications to external webhook services, but the feature is disabled by default and uses an environment-provided URL.

Skill content
webhook:
    enabled: false
    url_env: SECURITY_WEBHOOK_URL
    type: slack           # slack | discord | dingtalk | custom
Recommendation

Enable webhooks only with a trusted endpoint and after confirming reports do not include secrets.

What this means

Watch mode can continue reading changed project files while the process is running.

Why it was flagged

The skill supports continuous monitoring when explicitly invoked with watch mode. The artifacts present it as a user-directed mode, not hidden persistence.

Skill content
python ai-scanner.py --watch                 # Watch mode
Recommendation

Use watch mode only in directories you intend to monitor and stop the process when scanning is complete.

Findings (2)

critical: suspicious.dangerous_exec
Location: ai-scanner.js:104
Finding: Shell command execution detected (child_process).

critical: suspicious.dynamic_code_execution
Location: auto_scanner.py:639
Finding: Dynamic code execution detected.