critical
suspicious.dangerous_exec
- Location
- lib/onnx-embedding.js:51
- Finding
- Shell command execution detected (child_process).
Elite Longterm Memory
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dangerous_exec, suspicious.env_credential_access
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
ConcernHigh Confidence
ASI03: Identity and Privilege AbuseWhat this means
If this helper is used, the agent could consume a Kimi API key and send memory text to an external provider without that being clear from the skill listing.
Why it was flagged
The skill metadata declares no environment credentials, but this included helper reads Kimi API keys and uses them for outbound API authorization.
Skill content
this.apiKey = config.apiKey || process.env.KIMI_API_KEY || process.env.KIMI_PLUGIN_API_KEY; ... 'Authorization': `Bearer ${this.apiKey}`Recommendation
Remove the helper or clearly declare it as optional, require explicit opt-in, document what text is sent, and declare the credential requirement in metadata.
ConcernHigh Confidence
ASI05: Unexpected Code ExecutionWhat this means
If invoked, this can run local shell commands and fetch remote files, which expands the skill beyond a simple local memory store.
Why it was flagged
An included embedding helper can execute shell commands to download external model files into a home cache, with no integrity verification shown and no disclosure in the skill metadata.
Skill content
const { execSync } = require('child_process'); ... const baseUrl = 'https://hf-mirror.com/Xenova/all-MiniLM-L6-v2/resolve/main'; ... execSync(`curl -L --retry 3 --max-time 180 -o "${this.modelPath}" ...`)Recommendation
Avoid shelling out to curl; use a safer HTTP download path, pin and verify hashes, and disclose the optional download behavior clearly.
NoteHigh Confidence
ASI06: Memory and Context PoisoningWhat this means
Saved memories may influence later conversations, and incorrect or instruction-like memories could steer the agent in unwanted ways.
Why it was flagged
Stored memories are automatically retrieved and prepended to future agent prompts by default.
Skill content
autoRecall: { type: 'boolean', default: true } ... prependContext: `<relevant-memories>...${memoryContext}...</relevant-memories>`Recommendation
Review stored memories periodically, avoid saving secrets, use memory_forget for bad entries, and disable autoRecall if automatic context injection is not desired.
ConcernHigh Confidence
ASI09: Human-Agent Trust ExploitationWhat this means
Users may trust the skill as fully local and credential-free when the package contains code paths that can use external services.
Why it was flagged
The local-only/privacy framing is overbroad given the included Kimi remote API helper and ONNX shell download helper.
Skill content
✅ **纯本地运行** — Pure JavaScript embedding,零外部依赖 ... *本地优先,隐私至上。*
Recommendation
Align the documentation and metadata with the actual code, or remove the unused remote/API and downloader helpers from the package.
Findings (2)
critical
suspicious.env_credential_access
- Location
- lib/kimi-embedding.js:10
- Finding
- Environment variable access combined with network send.