task-progress-stream

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill’s command execution and chat updates are disclosed and fit its progress-streaming purpose, but users should treat it like a shell launcher and avoid streaming sensitive logs.

Use this skill only when you intentionally want OpenClaw to launch or monitor a long-running job. Review the exact --cmd before running it, avoid jobs that print secrets, choose a safe output directory, and clean up generated logs/status files when finished.

Static analysis

Dangerous exec (Critical)
Finding: Shell command execution detected (child_process).

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A command run through this skill can do anything the user’s shell account can do.

Why it was flagged

The script executes the caller-provided --cmd through a shell. This is disclosed by the skill’s run mode and is central to launching long-running jobs, but it is still broad local execution authority.

Skill content
const child = spawn("/bin/bash", ["-lc", cmd], { cwd, stdio: ["ignore", "pipe", "pipe"], detached: true, });
Recommendation

Only use run mode with commands you explicitly reviewed and intended to execute.

What this means

Log-derived content, including the latest log line, may appear in the chat session.

Why it was flagged

The script sends progress summaries into an OpenClaw chat session via the local gateway, matching the stated purpose of streaming progress into chat.

Skill content
spawn("openclaw", ["gateway", "call", "chat.inject", payload], ...)
Recommendation

Avoid streaming logs that contain secrets, credentials, private data, or untrusted instruction-like text.

What this means

Sensitive information printed by a job may persist in local status or log files.

Why it was flagged

The skill stores parsed state and log output in local status/log files, which is expected for progress tracking but can retain sensitive log content.

Skill content
const outDir = args["out-dir"] || path.join(cwd, "runs", "task-progress-stream"); ... fs.createWriteStream(files.log, { flags: "a" });
Recommendation

Choose an appropriate output directory and delete generated logs/status files when they are no longer needed.

What this means

A started task may continue running until it finishes or is manually stopped.

Why it was flagged

The launched child process is detached. That is consistent with long-running jobs, but it means users should be aware that the job may outlive the immediate command wrapper.

Skill content
detached: true
Recommendation

Track the reported PID and stop long-running jobs manually if they are no longer wanted.

What this means

Users have less provenance and dependency information to verify before running the helper script.

Why it was flagged

The artifacts include an executable JavaScript helper but do not provide an upstream source/homepage or declare the runtime tools it uses, such as node, /bin/bash, and openclaw.

Skill content
Source: unknown; Homepage: none; Required binaries: none; No install spec — this is an instruction-only skill.
Recommendation

Review the included script and confirm the expected local tools are available before use.