monitoring-specialist

Advisory

Audited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.generated_source_template_injection

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A leaked or misconfigured webhook could let others post unwanted messages to the user's Slack channel.

Why it was flagged

If a user implements this example, the Slack webhook URL functions as a credential that grants permission to post into a Slack destination. This is expected for alerting, but it should be treated as a secret.

Skill content

url => "${SLACK_WEBHOOK_URL}"

Recommendation

Store webhook URLs in a secret manager or protected environment variable, avoid committing them to source control, and rotate them if exposed.

What this means

Error messages, service names, timestamps, or other log fields could appear in Slack and be visible to channel members.

Why it was flagged

The Logstash example posts error/fatal log message content to a Slack webhook. This is purpose-aligned for monitoring alerts, but it is an external data flow that may include sensitive log details if copied unchanged.

Skill content

# Send critical errors to Slack ... "text" => "Error in %{service}: %{msg}"

Recommendation

Redact secrets and personal data from logs before alerting, send alerts only to approved workspaces/channels, and limit the fields included in webhook messages.

Findings (1)

critical

suspicious.generated_source_template_injection

Location

references/examples.md:291

Finding

User-controlled placeholder is embedded directly into generated source code.