ClawHub
Back to skill
Skillv1.5.3

Static analysis security

Ship My Token · Deterministic local checks for risky code patterns and metadata mismatches.

Scanner verdict

SuspiciousApr 30, 2026, 5:02 AM
Summary
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
Reason codes
suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
Engine
v2.4.5

Evidence

criticalsrc/launch.mjs:76
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalsrc/launch.mjs:19
Environment variable access combined with network send.
suspicious.env_credential_access
criticalsrc/setup.mjs:89
Environment variable access combined with network send.
suspicious.env_credential_access
warnsrc/launch.mjs:13
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnsrc/setup.mjs:3
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration