ClawHub
Back to skill
Skillv3.7.2

Static analysis security

Aicoin Trading · Deterministic local checks for risky code patterns and metadata mismatches.

Scanner verdict

SuspiciousApr 30, 2026, 5:07 AM
Summary
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
Reason codes
suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
Engine
v2.4.5

Evidence

criticalscripts/auto-trade.mjs:38
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalscripts/exchange.mjs:57
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalscripts/trade.mjs:10
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticallib/aicoin-api.mjs:12
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/exchange.mjs:66
Environment variable access combined with network send.
suspicious.env_credential_access
warnlib/aicoin-api.mjs:4
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/exchange.mjs:6
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration