critical
suspicious.dangerous_exec
- Location
- lib/skills-core.js:151
- Finding
- Shell command execution detected (child_process).
ClawGator Superpowers
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dangerous_exec
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Concern
ASI10: Rogue AgentsWhat this means
The skill can steer future sessions automatically, including resumed or cleared sessions.
Why it was flagged
The skill registers an asynchronous command hook that runs on session lifecycle events, giving it persistent behavior even when the user has not explicitly invoked the skill.
Skill content
"SessionStart": [{ "matcher": "startup|resume|clear|compact", ... "command": "${CLAUDE_PLUGIN_ROOT}/hooks/session-start.sh", "async": true }]Recommendation
Make the session-start hook opt-in, disclose it prominently in metadata and documentation, and provide a simple way to disable it.
Concern
ASI01: Agent Goal HijackWhat this means
The agent may force this workflow into tasks where the user expected a quick answer or a different approach.
Why it was flagged
This instruction is overbroad and makes the skill's own invocation rule authoritative across many situations, which can override narrower user intent.
Skill content
"If you think there is even a 1% chance a skill might apply, you ABSOLUTELY MUST invoke it"
Recommendation
Scope invocation to clearly defined development tasks and avoid absolute self-invocation language.
What this means
Installing the skill may cause local code to run at session start, not just provide passive instructions.
Why it was flagged
The package contains a hook that executes a shell script automatically, while the registry describes the package as having no install spec and being instruction-only.
Skill content
"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/session-start.sh"Recommendation
Declare the hook and command execution in metadata, document exactly what the script does, and require explicit user consent before enabling it.
What this means
A mistaken or premature action could change or discard code work.
Why it was flagged
The skill declares tools that can affect repository state, including merging or discarding a branch. This is purpose-aligned for a development workflow but high-impact.
Skill content
"finish_development_branch": ... "enum": ["merge", "pr", "keep", "discard"]
Recommendation
Require explicit user confirmation before merge, PR creation, discard, or other repository-mutating actions.
What this means
Users have less information to verify where the code came from or whether it matches an upstream project.
Why it was flagged
The registry provenance is incomplete for a package that includes runnable code and hooks.
Skill content
Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill.
Recommendation
Verify the package source before installing and prefer a version with a public repository, pinned provenance, and accurate install metadata.
What this means
Project context or code may be shared among subagents more broadly than the user expects.
Why it was flagged
The workflow includes subagents and parallel agents, but the provided top-level artifacts do not define detailed data-sharing or permission boundaries for those agents.
Skill content
"SUBAGENT-DRIVEN DEV" ... "Fresh subagent per task"
Recommendation
Review subagent prompts and limit what files, secrets, and project context are passed to subagents.
Findings (2)
critical
suspicious.dangerous_exec
- Location
- skills/writing-skills/render-graphs.js:25
- Finding
- Shell command execution detected (child_process).