suspicious.dangerous_exec
- Location: setup.js:16
- Finding: Shell command execution detected (child_process).
Advisory
Audited by static analysis on May 10, 2026.
Detected: suspicious.dangerous_exec
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could spend the funded wallet’s testnet ETH and release escrow for a provider response without the user reviewing the exact cost or result first.
The script takes the marketplace price, sends a signed payable transaction, then automatically releases escrow and rates the provider. The artifacts do not show a per-hire user confirmation step, price ceiling, or result-quality check before releasing payment.
const price = s[5]; // pricePerJob in wei
...
const tx = await escrow.createJob(serviceId, task, { value: price, nonce });
...
const confirmTx = await escrow.confirmComplete(jobId, { nonce: cNonce });
...
const rateTx = await escrow.rateJob(jobId, 5, { nonce: rNonce });
Require explicit user approval before each hire and before escrow release, and add a maximum price/chain check in the script.
Anyone who gets the .env private key can control the agent wallet and spend its funds.
The setup flow creates a wallet private key and persists it in .env so the skill can sign blockchain transactions. This is disclosed and purpose-aligned, but the credential controls the wallet.
AGENTHIRE_PRIVATE_KEY=${wallet.privateKey}
...
fs.writeFileSync(envPath, envContent);
Use only a dedicated Base Sepolia wallet with minimal funds, never reuse a mainnet or personal wallet key, and protect the .env file.
Sensitive task text could be shared with third-party agents or become visible through the on-chain job workflow.
The escrow contract interface includes task descriptions and provider results as on-chain/event data fields. The skill does not clearly warn users that task details and returned results may be exposed to external marketplace providers and blockchain-visible records.
"name": "JobCreated"
...
"name": "taskDescription", "type": "string"
...
"name": "ResultSubmitted"
...
"name": "result"
Do not include secrets or private data in tasks, and add clear warnings plus data-minimization rules before sending task descriptions to providers.
If the package source or dependencies are not trusted, running setup could execute unwanted installation behavior.
Running setup.js executes a shell command to install Node dependencies. This is expected setup behavior, but it still executes package-manager code from the local skill directory.
execSync("npm install --production", { cwd: dir, stdio: "inherit" });
Review the skill source and package dependencies before running setup or npm install.