critical
suspicious.dangerous_exec
- Location
- scripts/claw.js:105
- Finding
- Shell command execution detected (child_process).
Everything Claude Code
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.exposed_secret_literal (+1 more)
Findings (25)
critical
suspicious.dangerous_exec
- Location
- scripts/hooks/post-edit-format.js:86
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- scripts/hooks/post-edit-typecheck.js:55
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- scripts/lib/utils.js:320
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- tests/hooks/evaluate-session.test.js:61
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- tests/hooks/hooks.test.js:42
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- tests/hooks/suggest-compact.test.js:37
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- tests/integration/hooks.test.js:50
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- tests/lib/utils.test.js:1191
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- tests/run-all.js:51
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- tests/scripts/setup-package-manager.test.js:316
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dynamic_code_execution
- Location
- skills/continuous-learning-v2/scripts/test_parse_instinct.py:31
- Finding
- Dynamic code execution detected.
critical
suspicious.exposed_secret_literal
- Location
- docs/ja-JP/skills/django-patterns/SKILL.md:352
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- docs/ja-JP/skills/django-tdd/SKILL.md:170
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- docs/zh-CN/rules/swift/security.md:18
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- docs/zh-CN/skills/api-design/SKILL.md:302
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- docs/zh-CN/skills/django-patterns/SKILL.md:353
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- docs/zh-CN/skills/django-tdd/SKILL.md:171
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- docs/zh-CN/skills/springboot-security/SKILL.md:159
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- rules/swift/security.md:17
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- skills/api-design/SKILL.md:302
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- skills/django-patterns/SKILL.md:353
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- skills/django-tdd/SKILL.md:171
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- skills/springboot-security/SKILL.md:159
- Finding
- File appears to expose a hardcoded API secret or token.
warn
suspicious.prompt_injection_instructions
- Location
- the-security-guide.md:27
- Finding
- Prompt-injection style instruction pattern detected.