ClawHub
Back to skill
Skillv1.9.72

Static analysis security

Wip Release · Deterministic local checks for risky code patterns and metadata mismatches.

Scanner verdict

SuspiciousApr 21, 2026, 9:25 PM
Summary
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
Reason codes
suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
Engine
v2.4.0

Evidence

criticalcore.mjs:169
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalcore.mjs:1203
Environment variable access combined with network send.
suspicious.env_credential_access
warncore.mjs:9
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration