Back to skill
Skillv1.0.1
Static analysis security
sparker · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 30, 2026, 5:10 AM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
- Reason codes
- suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
- Engine
- v2.4.5
Evidence
criticalsrc/kindle/ingest.js:69
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalsrc/ops/stpx-export.js:75
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalsrc/ops/stpx-import.js:18
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalsrc/core/embedding.js:14
Environment variable access combined with network send.
suspicious.env_credential_access
criticalsrc/core/openclaw-config.js:15
Environment variable access combined with network send.
suspicious.env_credential_access
criticalsrc/transmit/auth.js:10
Environment variable access combined with network send.
suspicious.env_credential_access
warnindex.js:16
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnsrc/core/openclaw-config.js:24
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnsrc/transmit/auth.js:15
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration