Skillv1.0.0

Static analysis security

Hinge Agent - Barney Stinson · Deterministic local checks for risky code patterns and metadata mismatches.

Scanner verdict

SuspiciousApr 30, 2026, 5:11 AM

Summary: Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
Reason codes: suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
Engine: v2.4.5

Evidence

criticalclawhub-upload/barney/scripts/discover-autopilot.js:182

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalclawhub-upload/barney/scripts/hinge-agent-daemon.js:289

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalclawhub-upload/barney/scripts/hinge-ai.js:272

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalscripts/discover-autopilot.js:182

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalscripts/hinge-agent-daemon.js:289

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalscripts/hinge-ai.js:272

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalclawhub-upload/barney/scripts/appium-ios.js:19

Environment variable access combined with network send.

suspicious.env_credential_access

criticalclawhub-upload/barney/scripts/hinge-agent-daemon.js:187

Environment variable access combined with network send.

suspicious.env_credential_access

criticalclawhub-upload/barney/scripts/hinge-ai.js:84

Environment variable access combined with network send.

suspicious.env_credential_access

criticalclawhub-upload/barney/scripts/hinge-ios.js:20

Environment variable access combined with network send.

suspicious.env_credential_access

criticalscripts/appium-ios.js:19

Environment variable access combined with network send.

suspicious.env_credential_access

criticalscripts/hinge-agent-daemon.js:187

Environment variable access combined with network send.

suspicious.env_credential_access

criticalscripts/hinge-ai.js:84

Environment variable access combined with network send.

suspicious.env_credential_access

criticalscripts/hinge-ios.js:20

Environment variable access combined with network send.

suspicious.env_credential_access

warnclawhub-upload/barney/scripts/hinge-agent-daemon.js:205

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warnclawhub-upload/barney/scripts/hinge-ai.js:326

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warnscripts/hinge-agent-daemon.js:205

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warnscripts/hinge-ai.js:326

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration