Wip Xai Grok Private

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The artifacts are consistent with an xAI Grok integration, but the skill resolves an xAI API key from the environment or a 1Password item and sends prompts or media inputs to xAI, so users should review account access, privacy, and costs before installing.

Install only if you are comfortable giving this skill access to an xAI API key and sending selected prompts or media inputs to xAI. Prefer a scoped key, monitor usage costs, and set XAI_API_KEY directly if you do not want the 1Password CLI lookup. Because the supplied core.mjs content is truncated in the review artifact, review the full source before installing if you need high assurance.

Static analysis

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

Env credential access

Critical
Finding
Environment variable access combined with network send.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

Whoever runs the skill effectively acts as the xAI account tied to the resolved key, including making billable API requests.

Why it was flagged

The skill obtains an xAI API key from the environment or a specific 1Password item and uses it to authenticate xAI API calls.

Skill content
if (process.env.XAI_API_KEY) return process.env.XAI_API_KEY; ... execSync('op read "op://Agent Secrets/X API/api key"' ...); ... 'Authorization': `Bearer ${resolveApiKey()}`
Recommendation

Use a scoped xAI API key if available, confirm the 1Password item is intended for xAI, and monitor xAI usage or spending limits.

ASI05: Unexpected Code Execution
Low
What this means

A local 1Password CLI command may run when the skill needs an API key.

Why it was flagged

The code invokes a local command (`op read`) through a shell to fetch the key from 1Password. The command string is fixed (no user-controlled input reaches it) and purpose-aligned, but it still depends on local command execution and on whichever `op` binary resolves first on PATH.

Skill content
const key = execSync('op read "op://Agent Secrets/X API/api key"', { stdio: ['pipe', 'pipe', 'pipe'], timeout: 10000 })
Recommendation

Set XAI_API_KEY directly if you do not want the skill to invoke the 1Password CLI, and ensure the `op` command that resolves first on PATH is the genuine 1Password CLI.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Prompts, search queries, and media inputs may leave the local environment for xAI processing.

Why it was flagged

Search queries and related tool inputs are sent to the declared xAI provider API, which is expected for this integration.

Skill content
const API_BASE = 'https://api.x.ai/v1'; ... fetch(`${API_BASE}/responses`, { method: 'POST', headers: headers(), body: JSON.stringify({ model, input: [{ role: 'user', content: query }], tools: [tool] }) })
Recommendation

Do not send confidential prompts, images, or videos unless xAI processing and retention policies are acceptable for your use case.

ASI02: Tool Misuse and Exploitation
Medium
What this means

Using image or video generation can consume paid xAI API credits.

Why it was flagged

The skill exposes billable media-generation actions; the costs are disclosed and aligned with the stated purpose.

Skill content
Cost: $0.05/sec at 480p, $0.07/sec at 720p. URLs are temporary.
Recommendation

Ask for confirmation before expensive generation tasks and consider setting provider-side budget limits.
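The recommendation above is easiest to enforce on the calling side, before any request reaches the provider. The following is an added example of a per-session spending gate; it is not the skill's code. The per-second rates are the ones quoted in the skill's own content ($0.05/sec at 480p, $0.07/sec at 720p); the budget values, the ledger shape and the `confirm` callback are assumptions for illustration.

```javascript
// Added example, not the scanned skill's code. Rates are from the skill's own
// cost disclosure; thresholds and the confirm() callback are assumed.
const VIDEO_RATE_PER_SEC = { '480p': 0.05, '720p': 0.07 };

// Estimate the charge for one video-generation request before sending it.
function estimateVideoCost({ seconds, resolution }) {
  const rate = VIDEO_RATE_PER_SEC[resolution];
  if (rate === undefined) throw new Error(`unknown resolution: ${resolution}`);
  if (!Number.isFinite(seconds) || seconds <= 0) throw new Error('seconds must be positive');
  return Math.round(seconds * rate * 100) / 100; // round to whole cents
}

// A per-session ledger with a soft threshold (requires explicit confirmation)
// and a hard cap (refused regardless of confirmation).
function createLedger({ confirmAbove, hardCap }) {
  return { spent: 0, confirmAbove, hardCap };
}

// Decide whether a request may proceed. `confirm(cost)` is a user-facing
// callback returning true/false; it is consulted only when a threshold is hit.
function gateGeneration(ledger, request, confirm) {
  const cost = estimateVideoCost(request);
  const projected = ledger.spent + cost;
  if (projected > ledger.hardCap) {
    return {
      allowed: false,
      cost,
      reason: `hard cap ${ledger.hardCap.toFixed(2)} would be exceeded (projected ${projected.toFixed(2)})`,
    };
  }
  if (cost > ledger.confirmAbove || projected > ledger.confirmAbove) {
    if (!confirm(cost)) return { allowed: false, cost, reason: 'declined by user' };
  }
  ledger.spent = projected; // record spend only once the request is allowed
  return { allowed: true, cost, reason: null };
}

// Stand-alone usage: a 10 s 720p clip costs 0.70, which is above the 0.50
// confirmation threshold; a second identical clip would exceed the 1.00 cap.
const ledger = createLedger({ confirmAbove: 0.5, hardCap: 1.0 });
console.log(gateGeneration(ledger, { seconds: 10, resolution: '720p' }, () => true));
console.log(gateGeneration(ledger, { seconds: 10, resolution: '720p' }, () => true));
```

A client-side gate like this complements, but does not replace, provider-side spending limits: it only sees requests routed through it, so keep the provider limit as the backstop.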

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the package may pull third-party dependency code, especially if not using the reviewed lockfile.

Why it was flagged

The package declares an MCP SDK dependency (@modelcontextprotocol/sdk), while the skill metadata lists dependencies as empty and the README says 'Zero dependencies'. The lockfile mitigates this, but the mismatched declarations are worth noticing.

Skill content
"dependencies": { "@modelcontextprotocol/sdk": "^1.27.1" }
Recommendation

Install from a reviewed source or lockfile and consider pinning dependency versions for reproducible installs: ^1.27.1 is a caret range, so without the lockfile any newer 1.x release could be installed in its place.
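The mismatch this finding describes is easy to check mechanically before installing. The following is an added example of such a pre-install check, not part of ClawScan or the skill: it compares the package's declared dependencies against the skill metadata and README claims and flags floating version ranges. The sample input is constructed to mirror the report; the real files contain more fields, and `skillMeta.dependencies` being an array and `hasLockfile` being a boolean are assumptions.

```javascript
// Added example, not ClawScan's or the skill's code. Input shape is assumed.

// A range is pinned only if it is an exact version (optionally with a prerelease tag).
const PINNED = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

function checkDependencyClaims({ packageJson, skillMeta, readme, hasLockfile }) {
  const declared = {
    ...(packageJson.dependencies ?? {}),
    ...(packageJson.optionalDependencies ?? {}),
  };
  const declaredNames = Object.keys(declared).sort();
  const claimed = [...(skillMeta.dependencies ?? [])].sort();
  const findings = [];

  // README claims versus package.json reality.
  if (/zero dependencies/i.test(readme) && declaredNames.length > 0) {
    findings.push({
      kind: 'readme-mismatch',
      detail: `README claims zero dependencies but package.json declares: ${declaredNames.join(', ')}`,
    });
  }
  // Declared in package.json but absent from the skill metadata (the ASI04 case).
  for (const name of declaredNames) {
    if (!claimed.includes(name)) findings.push({ kind: 'undeclared-in-metadata', name, range: declared[name] });
  }
  // Claimed in metadata but never actually declared.
  for (const name of claimed) {
    if (!(name in declared)) findings.push({ kind: 'missing-from-package', name });
  }
  // Caret/tilde/wildcard ranges let an unreviewed version install without a lockfile.
  let floating = 0;
  for (const [name, range] of Object.entries(declared)) {
    if (!PINNED.test(range)) { floating += 1; findings.push({ kind: 'floating-range', name, range }); }
  }
  if (floating > 0 && !hasLockfile) findings.push({ kind: 'no-lockfile', detail: `${floating} floating range(s) and no lockfile` });
  return findings;
}

// Constructed sample mirroring the scan report (not the real package files).
const sample = {
  packageJson: { dependencies: { '@modelcontextprotocol/sdk': '^1.27.1' } },
  skillMeta: { dependencies: [] },
  readme: 'Zero dependencies. Requires XAI_API_KEY or the 1Password CLI.',
  hasLockfile: true,
};

for (const f of checkDependencyClaims(sample)) console.log(f.kind, f.name ?? '', f.range ?? f.detail ?? '');
```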