critical
suspicious.dangerous_exec
- Location
- scripts/generate_content.js:89
- Finding
- Shell command execution detected (child_process).
Social Media Automation Operations Assistant
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dangerous_exec
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
What this means
Anyone who can see the generated URL or logs may obtain a token that can publish to the Weibo account.
Why it was flagged
The Weibo access token is placed directly into a URL that is returned to the caller; the publish flow prints and returns request data, so a token capable of posting can end up in console logs or agent output.
Skill content
const params = new URLSearchParams({ access_token: accessToken, status, }); ... const url = `${WEIBO_API_BASE}/statuses/update.json?${params}`; ... return { method: 'POST', url, params: { status, image: content.imageUrl || null } }Recommendation
Do not include access tokens in printed URLs or returned request objects; keep tokens in protected headers/body fields, redact logs, and use least-privilege/short-lived tokens.
What this means
If the agent follows the generated commands, content can be published publicly from the user's social account.
Why it was flagged
The browser automation sequence includes a final publish action in a logged-in creator environment. This matches the skill purpose, but it is a public account mutation.
Skill content
{ step: 9, action: 'click', description: 'Click publish', command: 'browser act ref=<publish-button> kind=click' }Recommendation
Use dry-run or preview first, review generated content and target platforms, and only execute publish steps after explicit approval.
What this means
A scheduled task could publish later when the user is not actively reviewing the content.
Why it was flagged
The scheduler outputs a future agentTurn that asks the agent to run a publishing command. It is one-shot and user-registered, but it creates delayed autonomous posting behavior.
Skill content
payload: { kind: 'agentTurn', message: `Execute social media publishing task: ... Please execute node ${publishScript} --platforms "${platforms}" --content-file "${contentFile}"` }, delivery: { mode: 'announce' }, deleteAfterRun: true, enabled: trueRecommendation
Register schedules only after reviewing the content file, time, and platforms; keep deleteAfterRun enabled and periodically audit scheduled jobs.
What this means
Running auto-topic contacts an external service and executes a local shell command, which may surprise users expecting a pure local content template generator.
Why it was flagged
The --auto-topic feature shells out to run an inline Node command that fetches an external trend feed. The command is fixed and not user-controlled, but shell execution is broader than needed.
Skill content
const { execSync } = require('child_process'); const result = execSync('node -e "const https=require(\'https\');https.get(\'https://newsnow.busiyi.world/api/hottest\' ... )"', { timeout: 10000 })Recommendation
Replace execSync with a direct HTTPS request in the script, document the trend endpoint, and let users opt into external trend fetching.
What this means
The installed package versions may change over time, and users must trust the npm packages they install.
Why it was flagged
The skill asks users to install npm packages without pinned versions or a package lock/install spec. This is a common setup pattern, but it leaves dependency provenance and versioning to the user.
Skill content
Install dependencies: `npm install axios openai`
Recommendation
Provide a package.json and lockfile with pinned versions, or document exact versions and trusted installation steps.