zx
Pass
Audited by VirusTotal on May 4, 2026.
Overview
Type: OpenClaw Skill
Name: zx
Version: 1.0.0

The skill bundle provides a comprehensive guide for using Google's 'zx' library, which enables an AI agent to execute shell commands, manage processes, and perform network requests. While the content is aligned with its stated purpose as a developer tool and lacks evidence of intentional malice or prompt injection, it explicitly instructs the agent on how to use high-risk capabilities like arbitrary shell execution (`$`), filesystem access (`fs-extra`), and network communication (`fetch`). These capabilities are documented across SKILL.md and multiple reference files (e.g., api.md, cli.md, process.md), making the bundle high-risk in an autonomous agent context.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses this guidance to create or run scripts, shell commands may have real effects on your computer or projects.
The skill teaches use of zx's shell-command execution API. This is expected for a zx scripting guide, but commands can modify files, deploy code, or affect the local environment if run without review.
`` $`command` `` — Execute Shell Commands
Review generated zx commands before running them, especially commands that write files, install packages, deploy, delete, or change configuration.
A script run with auto-install can fetch and execute third-party packages, which may affect your environment if the package or registry is untrusted.
The CLI reference documents zx's ability to auto-install missing dependencies. This is a legitimate zx feature, but it can introduce package-supply-chain risk if used with untrusted scripts or unpinned dependencies.
`zx --install script.mjs`
Prefer pinned dependency versions, trusted registries, and review dependency imports before using zx's auto-install feature.
Running a remote zx script can execute code from the internet on your machine.
The documentation explains that zx can execute remote scripts. The artifact also warns users to trust the source, so the capability is disclosed and purpose-aligned, but remote script execution is high-impact if misused.
Scripts starting with `https://` are downloaded and executed.
Only run remote zx scripts from sources you trust, inspect the script first when possible, and avoid piping or executing unknown URLs.
