suspicious.dangerous_exec
- Location
- scripts/account-rotator.js:51
- Finding
- Shell command execution detected (child_process).
Advisory: Audited by static analysis on May 10, 2026.
Detected: suspicious.dangerous_exec
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A Yixiaoer API key may allow account access and publishing workflows through the related API tooling.
The skill requires a provider API key and member ID even though registry requirements list no required credentials or env vars.
export YIXIAOER_API_KEY="你的蚁小二 API Key"
export YIXIAOER_MEMBER_ID="你的成员 ID"
Use a scoped and revocable API key if available, set it only for sessions that need this skill, and confirm the permissions granted by the key.
If the referenced helper skill or path is tampered with, the sync command could run unexpected code with the current environment.
The script shells out to Node to run another skill's API wrapper.
const { execSync } = require('child_process'); ... const result = execSync(`node "${scriptPath}" --payload='${payloadStr.replace(/'/g, "'\\''")}'`, {
Inspect and trust the installed yixiaoer-skill dependency before running sync; a safer implementation would pass arguments via execFileSync/spawn or make a direct library/API call instead of building a shell string.
The security of this rotator partly depends on the separate yixiaoer-skill package.
The skill depends on a separate package whose contents are not included in this artifact set, and the visible code later invokes that dependency.
This skill depends on `yixiaoer-skill`; make sure it is installed: clawhub install yixiaoer-skill
Review the dependency source and installed path before using this skill with real account credentials.
Running the example in a real workflow could publish content using the selected account.
The documentation shows using the rotated account ID in a publish API workflow.
"action": "publish",
"platforms": ["哔哩哔哩"],
"accountForms": [{"platformAccountId": "'$ACCOUNT_ID'"}]
Require explicit user review before publishing, and verify the selected platform/account from `status` or `accounts <平台名>` before sending content.
Future account selection depends on this local state; stale or manually modified state could cause the wrong account to be chosen.
The skill stores account metadata and rotation indices in a persistent local JSON state file.
const STATE_FILE = path.join(__dirname, 'account-rotator-state.json'); ... fs.writeFileSync(STATE_FILE, JSON.stringify(state, null, 2) + '\n');
Keep the state file protected, inspect `status` before publishing, and reset or resync if the account order looks wrong.