suspicious.dynamic_code_execution
- Location
- tests/conftest.py:18
- Finding
- Dynamic code execution detected.
Advisory. Audited by static analysis on May 10, 2026.
Detected: suspicious.dynamic_code_execution
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user reviews the wrong file or lacks a backup, the original HTML report can be changed in place.
Review mode is explicitly documented as an automatic, non-interactive refinement that writes changes back to the specified HTML file.
`--review` ... "writes the optimized HTML back to the original file" (`将优化后的 HTML 写回原文件`) ... "is not an interactive confirmation flow" (`不是交互式确认流程`)
Use version control or take a backup before running `--review`, and use `--output` when you want a separate generated file instead of in-place modification.
The supplied artifacts do not show a reason to provide payment authority or sensitive credentials for this report generator.
These automated capability signals would imply sensitive authority, but they conflict with the visible requirements declaring no credentials and no env vars; no provided SKILL text shows purchase or credential workflows.
- can-make-purchases
- requires-sensitive-credentials
Do not provide credentials or authorize purchases unless a future version clearly documents why they are needed and how they are scoped.
Users have less registry-level provenance context when deciding whether to run optional local scripts.
Registry provenance is not fully described, while the package contains optional helper scripts that a user may run for exports or validation.
Source: unknown; Homepage: none
Install from a trusted source and verify the repository/version before running helper scripts or manual git-clone installs.
Using `--export-image` may execute local helper code as part of producing screenshots or image outputs.
The image-export feature explicitly runs a bundled local Python helper after HTML generation.
`--export-image [mode]`: "After HTML generation, run `scripts/export-image.py`"
Use `--export-image` only when needed, and review or trust the installed helper script (`scripts/export-image.py`) before running it.
If a report contains private data, sharing the HTML may also share structured summaries or raw component data that downstream agents can easily read.
Generated reports intentionally preserve summaries and component data in machine-readable HTML fields.
Every generated HTML embeds machine-readable structure: `Layer 1 — <script id="report-summary">` ... `Layer 3 — data-component data-raw`
Review generated HTML before sharing externally, especially when source notes contain confidential metrics, customer data, or internal decisions.