design-analysis

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears purpose-aligned: it scans a user-specified local image folder and writes a local HTML presentation, with no evidence of network exfiltration or credential use.

This skill is reasonable to install if you want local design-image folders converted into an HTML presentation. Provide only the folder you intend to analyze, choose a safe output filename, and avoid using untrusted custom HTML content.

Static analysis

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If given the wrong output path, the skill silently overwrites whatever file already exists there with the generated HTML report: fs.writeFileSync replaces an existing file by default, and the code shown below does not check for one first.

Why it was flagged

The skill writes an HTML file to a user-provided path and creates the parent directory if needed. This is central to the skill, but users should choose the output path carefully because existing files could be overwritten.

Skill content
const outputFile = path.resolve(options.outputFile); ... fs.mkdirSync(path.dirname(outputFile), { recursive: true }); ... fs.writeFileSync(outputFile, html, 'utf8');
Recommendation

Use a clear, non-sensitive output path such as a new file on the Desktop, and avoid pointing it at existing important files.

What this means

If the optional test script is run with paths containing shell metacharacters (spaces, semicolons, backticks, `$(...)`), the shell splits or interprets those characters before Node sees them, so the command can run with the wrong arguments or execute an unintended extra command.

Why it was flagged

The optional test script executes a local Node command through the shell. The arguments are mostly hardcoded test paths, so this is not evidence of malicious behavior, but shell-joined arguments are less safe than spawn/execFile with an argument array.

Skill content
const result = execSync(args.join(' '), { encoding: 'utf8' });
Recommendation

Normal users do not need to run the test harness. If maintaining the skill, replace execSync(args.join(' ')) with execFileSync or spawnSync using an argument array.

What this means

If untrusted HTML is supplied as a custom section, it is written into the generated page verbatim, so any script, event handler or external resource it contains will run or load when the file is opened in a browser.

Why it was flagged

The skill explicitly allows custom raw HTML content in generated reports. This is a disclosed feature, but it means content should come from trusted users or trusted sources.

Skill content
Each chapter's `content` field is an HTML string and supports all HTML tags and inline styles.
Recommendation

Only use trusted custom section content and trusted local image folders; avoid pasting third-party HTML or script-like content into sections.
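If you maintain the skill, the safer default is to treat section content as text and require an explicit opt-in for raw HTML. The following added example (not code from the skill) renders one section both ways: the `rawHtml: true` path reproduces the documented verbatim behaviour, while the default path escapes the content so a pasted script or event handler renders as visible text instead of executing. The option name, the helper names and the hostile sample content are this example's own.

```javascript
'use strict';

// Escape the five characters that let text change HTML structure.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Render one section of the presentation. `content` is escaped unless the
// caller passes `rawHtml: true`, which mirrors the skill's documented
// behaviour of inserting the string unchanged. The option is this example's.
function renderSection({ title, content, rawHtml = false }) {
  const body = rawHtml ? content : escapeHtml(content);
  return `<section><h2>${escapeHtml(title)}</h2><div>${body}</div></section>`;
}

// Constructed hostile section content: both forms would execute when the
// generated file is opened in a browser if inserted verbatim.
const HOSTILE = {
  title: 'Notes',
  content: '<img src=x onerror="alert(document.title)"><script>alert(1)</script>',
};

function demo() {
  return {
    escaped: renderSection(HOSTILE),
    raw: renderSection({ ...HOSTILE, rawHtml: true }),
  };
}

console.log(demo());
```

Escaping covers the common case of a chapter that only needs text, and keeps the verbatim path available for chapters whose HTML the user wrote themselves.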

What this means

The skill may fail to run on systems without Node.js even though the registry metadata does not list it as required.

Why it was flagged

The package declares a Node.js runtime requirement, while the registry requirements list no required binaries. This is an under-declared runtime dependency rather than malicious behavior.

Skill content
"engines": { "node": ">=14.0.0" }
Recommendation

Confirm Node.js is installed before using the skill, or ask the publisher to declare Node.js as a required binary.