github-search

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec


Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI05: Unexpected Code Execution
What this means

A malicious or untrusted search option could cause the agent to run local shell commands under the user's account.

Why it was flagged

The query is URL-encoded, but sort and order are command-line values inserted into a shell command. Crafted values can break quoting or trigger shell substitution before curl runs.

Skill content
options.sort = args[++i]; ... const url = `${GITHUB_API}?q=${encodeURIComponent(query)}&sort=${sort}&order=${order}&per_page=${perPage}`; ... execSync(cmd, ...)
Recommendation

Replace execSync/curl with fetch or an HTTPS library, or use execFile/spawn with an argument array. Whitelist sort/order values and encode every URL parameter.

Concern (High Confidence)
ASI05: Unexpected Code Execution
What this means

A crafted repository name could make the script execute unintended local commands, potentially exposing local files or environment variables.

Why it was flagged

The repository name comes from the command line and is placed into a shell-executed curl command. The owner/repo split check does not sanitize shell metacharacters or command substitutions.

Skill content
return args[0]; ... const url = `${GITHUB_API}/${repoFullName}`; ... const result = execSync(cmd, { encoding: 'utf-8', timeout: 30000 });
Recommendation

Validate repository names against GitHub's allowed owner/repo pattern, URL-encode path components, and avoid shell execution for HTTP requests.

What this means

If you run the skill with a GitHub token in the environment, that account credential is available to the script and could be at risk if command injection is exploited.

Why it was flagged

The script optionally reads a GitHub token and uses it for GitHub API authentication. This is disclosed and purpose-aligned, but it increases the impact of the shell-injection issue.

Skill content
if (process.env.GITHUB_TOKEN) { headers.push(`-H "Authorization: token ${process.env.GITHUB_TOKEN}"`); }
Recommendation

Use a minimal-scope GitHub token, unset it when not needed, and avoid running this skill with untrusted arguments until the shell execution is fixed.

What this means

The documented batch workflow cannot be reviewed or run as supplied, and users might look for or create an unreviewed helper script in its place.

Why it was flagged

The documentation references scripts/batch-detail.mjs, but the provided file manifest includes only README.md, SKILL.md, scripts/github-search.mjs, and scripts/repo-detail.mjs.

Skill content
cat search-results.json | node scripts/batch-detail.mjs
Recommendation

Remove the missing helper reference or include the script for review before encouraging users or agents to run it.

Findings (2)

critical: suspicious.dangerous_exec
Location: scripts/github-search.mjs:105
Finding: Shell command execution detected (child_process).

critical: suspicious.dangerous_exec
Location: scripts/repo-detail.mjs:36
Finding: Shell command execution detected (child_process).