SenseCraft HMI Web Content Generator

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is coherent for generating e-ink web pages, but users should be aware that it can install a Node dependency, run a persistent local web server, and expose that server through a public tunnel using a tokenized URL.

This skill does not show evidence of exfiltration or destructive behavior. Before installing, be comfortable with it running Node/npm setup, starting a PM2 local server, and optionally exposing the generated page through a tunnel; keep the tokenized URL private and stop the service when finished.

Static analysis

Dangerous exec
Severity: Critical
Finding: Shell command execution detected (child_process).

Dangerous exec
Severity: Critical
Finding: Shell command execution detected (child_process).

Exposed secret literal
Severity: Critical
Finding: File appears to expose a hardcoded API secret or token.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or running the helper may download code from npm before the local server works.

Why it was flagged

The skill installs Express from npm at runtime instead of declaring a pinned dependency in package.json or an install spec. This is understandable for creating the local server, but it makes the skill depend on external package resolution at the time it is used, so the code that ends up running is whatever npm resolves then.

Skill content
execSync('npm install express', { stdio: 'inherit' });
Recommendation

Review the dependency source if this runs in a sensitive environment, and prefer pinned/package-managed dependencies if maintaining a copy.

What this means

Running the wizard may execute a local command to open your browser.

Why it was flagged

The wizard launches a browser through a shell command. The documented purpose is to open a localhost configuration UI, but shell execution is a sensitive primitive.

Skill content
exec(`${cmd} ${url}`);
Recommendation

Only run the wizard from the reviewed skill directory, and prefer safer browser-launch methods if modifying the script.

What this means

Anyone who gets the full token URL may be able to view the generated display content while the server is reachable.

Why it was flagged

The generated server creates a random local access token and prints a tokenized URL. This is not a hardcoded credential, but the URL acts as a bearer secret: anyone holding it can view the served content without further authentication.

Skill content
ACCESS_TOKEN = crypto.randomBytes(32).toString('hex'); ... URL with token: http://localhost:${PORT}/?token=${ACCESS_TOKEN}
Recommendation

Keep the token URL private, avoid sharing it in public logs or chats, and regenerate the token if it is exposed.

What this means

Generated pages, local images copied into the project, and dynamic content may become reachable through the tunnel by anyone with the token URL.

Why it was flagged

The workflow intentionally exposes the local preview server through a tunnel so SenseCraft HMI can display it. This is purpose-aligned, but it changes the data boundary from local-only to internet-reachable.

Skill content
Guide the user to use a reverse proxy tool to forward `http://localhost:19527` to the public network
Recommendation

Use a trusted HTTPS tunnel, keep the tokenized URL private, and do not include sensitive personal or business data in pages you expose publicly.

What this means

A background web server may keep running and serving the generated page until you stop it.

Why it was flagged

The skill documents starting a PM2-managed server, which can continue running after the initial generation task. The stop command is also documented, so this appears disclosed and scoped.

Skill content
pm2 start {baseDir}/data/server.js --name sensecraft-hmi
Recommendation

Stop the service with the documented PM2 command when you no longer need the display, and check PM2 for running processes after use.