AI Content Repurposer

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill mostly matches its content-repurposing purpose and discloses OpenAI use, but a crafted batch configuration could write output files outside the chosen folder.

Install only if you trust the package source, use a dedicated OpenAI key if possible, avoid processing sensitive client or private content unless you accept OpenAI provider processing, and do not run batch config files from untrusted sources until the output path handling is fixed.

Static analysis

Env credential access

Critical
Finding
Environment variable access combined with network send.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If a user or agent runs an untrusted batch config, it could overwrite JSON files outside the intended output folder.

Why it was flagged

The batch job name comes from the user-provided config and is joined into an output path without sanitizing path separators or verifying that the result stays inside outputDir.

Skill content
const outputFile = path.join(options.outputDir, `${job.name}.json`); ... fs.writeFileSync(outputFile, JSON.stringify(result, null, 2));
Recommendation

Sanitize job.name to a safe basename or slug, resolve the final path, ensure it remains under the selected output directory, and warn before overwriting existing files.

ASI03: Identity and Privilege Abuse
Low
What this means

Running the AI-powered mode may consume the user's OpenAI API credits and depends on keeping that key secure.

Why it was flagged

The skill requires an OpenAI credential for its stated AI transformation purpose; this is expected but grants access to the user's OpenAI account quota and billing.

Skill content
"env": [ "OPENAI_API_KEY" ]
Recommendation

Use a limited-scope or dedicated OpenAI key where possible, monitor usage, and ensure the registry metadata consistently declares this credential requirement.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Private drafts, transcripts, client material, or unpublished content may be processed by an external AI provider.

Why it was flagged

The skill's AI transformations imply sending user-supplied transcripts, blog text, or podcast content to the OpenAI provider, which is purpose-aligned but privacy-relevant.

Skill content
OpenAI API Key (required for AI-powered transformations)
Recommendation

Do not submit confidential content unless the provider terms and account settings are acceptable for that data.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Users have less registry-level provenance information to confirm they are installing the intended package.

Why it was flagged

The registry metadata does not provide verified source or homepage information, even though the package files describe npm/GitHub-style installation.

Skill content
Source: unknown; Homepage: none
Recommendation

Verify the package source, repository, and publisher before installing or running the CLI.