Apple Media

Advisory

Audited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked, the skill may discover nearby AirPlay devices and change speaker volume, routing, playback, or Apple TV power state.

Why it was flagged

The skill intentionally exposes local network discovery and media-device control. This is purpose-aligned, but it can affect real devices on the user's network.

Skill content

Discover and control Apple media/AirPlay devices ... scan for AirPlay devices, map names→IPs/IDs, pair/connect, and control playback/volume

Recommendation

Use it only on networks and devices you own or administer, and confirm before issuing playback, volume, connect/disconnect, or power commands.

What this means

Running the JSON scan executes the locally installed atvremote command and may perform local network discovery.

Why it was flagged

The helper runs a local shell command to scan for devices. This is expected for the skill, and the timeout is converted to a number before interpolation.

Skill content

const { execSync } = require('child_process'); // execSync comes from child_process, as the finding notes
const out = execSync(`atvremote scan -t ${Number(timeoutSec)}`, { encoding: 'utf8' })

Recommendation

Ensure pyatv/atvremote is installed from a trusted source and review command output before sharing it.

What this means

The behavior depends on whichever pyatv version pipx installs or upgrades, and on local Airfoil tooling for speaker control.

Why it was flagged

The setup relies on an external Python package installed or upgraded outside a pinned install spec. This is disclosed and relevant to the purpose, but users should make sure they trust the dependency.

Skill content

pipx install pyatv || pipx upgrade pyatv

Recommendation

Install pyatv and Airfoil from trusted sources, consider pinning versions in your own environment, and verify the sibling airfoil skill before using the connect/volume wrappers.

What this means

Granting Accessibility permissions gives Airfoil broader ability to control parts of the local macOS environment.

Why it was flagged

Airfoil may require macOS Accessibility permission, which is a sensitive local privilege. This is disclosed and aligned with speaker control.

Skill content

Install Airfoil and grant Accessibility permissions.

Recommendation

Grant Accessibility permissions only to trusted, official Airfoil installations and revoke them if you stop using the skill.

What this means

Scan results may reveal names, IP addresses, and identifiers of devices on your local network.

Why it was flagged

The skill’s outputs can include local device addresses and identifiers. There is no evidence of exfiltration, but this information may be sensitive if saved or shared.

Skill content

The scan output includes IP addresses at runtime; do not commit scan outputs.

Recommendation

Avoid posting or committing scan logs, and treat device names, IPs, and identifiers as private local-network information.

Findings (1)

critical

suspicious.dangerous_exec

Location
scripts/scan-json.js:10
Finding
Shell command execution detected (child_process).