suspicious.dangerous_exec
- Location
- scripts/generate.js:9
- Finding
- Shell command execution detected (child_process).
Advisory
Audited by Static analysis on May 10, 2026.
Detected: suspicious.dangerous_exec
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may use a preloaded account session and spend credits or act under an account identity that the user did not explicitly configure.
The script includes a default cached authentication session and later sends it as a Bearer token, so the skill can use account authority even when the user does not provide their own session.
let sessionToken = "b79fc...39978"; // default cached authentication session
Remove the embedded session token, require the user to provide their own credential through a declared secure mechanism, and clearly document credit-spending behavior.
Running the skill can unexpectedly fetch and execute package-install behavior from npm on the user's machine.
If the dependency is missing, the script automatically runs a shell-based npm install during execution, downloading unpinned code outside the declared install process.
const { execSync } = require('child_process');
execSync('npm install form-data --no-save', { stdio: 'ignore' });
Move dependency installation into a reviewed install spec, pin package versions with a lockfile, and avoid runtime npm installs.
When invoked, the agent has broad local shell capability rather than only a narrowly limited video-generation action.
The skill grants broad Bash access. This is used for the stated local video-generation workflow, but it is broader than a single scoped command.
allowed-tools: Bash(*)
Prefer limiting allowed commands to the specific script and required log-reading commands, or ask for user confirmation before shell actions.
Images provided in chat may be saved locally and submitted to the local Jimeng service and its generation/moderation flow.
The skill is designed to extract user-sent images and send them into the video-generation pipeline. That is purpose-aligned, but it is sensitive media handling.
automatically intercept clothing/character images sent by the user in the chat interface and seamlessly pass them to the generation model
Use only with images the user intends to process, disclose the upload/moderation behavior, and clean up temporary image files after generation.