ClawHub
Back to skill
Skillv0.2.6

Static analysis security

Openclaw Sec · Deterministic local checks for risky code patterns and metadata mismatches.

Scanner verdict

ReviewApr 30, 2026, 4:55 AM
Summary
Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.env_credential_access (+2 more)
Reason codes
suspicious.dangerous_execsuspicious.dynamic_code_executionsuspicious.env_credential_accesssuspicious.exposed_secret_literalsuspicious.prompt_injection_instructions
Engine
v2.4.5

Evidence

criticalsrc/__tests__/cli.test.ts:25
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalsrc/modules/code-execution-detector/__tests__/detector.test.ts:35
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalsrc/modules/command-validator/__tests__/validator.test.ts:193
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalsrc/patterns/runtime-validation/code-execution-patterns.ts:29
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticaltests/zeroleaks-pentest.ts:129
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalsrc/modules/content-scanner/__tests__/scanner.test.ts:169
Dynamic code execution detected.
suspicious.dynamic_code_execution
criticalsrc/patterns/obfuscation/obfuscation-patterns.ts:127
Dynamic code execution detected.
suspicious.dynamic_code_execution
criticalsrc/patterns/runtime-validation/code-execution-patterns.ts:125
Dynamic code execution detected.
suspicious.dynamic_code_execution
criticalhooks/legacy/tool-call-hook.ts:98
Environment variable access combined with network send.
suspicious.env_credential_access
criticalhooks/security-tool-validator/handler.ts:102
Environment variable access combined with network send.
suspicious.env_credential_access
criticalREADME.md:604
Documentation appears to expose a hardcoded API secret or token.
suspicious.exposed_secret_literal
warnREADME.md:489
Prompt-injection style instruction pattern detected.
suspicious.prompt_injection_instructions
warnSKILL.md:624
Prompt-injection style instruction pattern detected.
suspicious.prompt_injection_instructions