Flyai Travelmapify

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI05: Unexpected Code Execution
What this means

If this proxy is running, a malicious local webpage or network request could potentially execute commands with the user’s privileges.

Why it was flagged

The HTTP query and city values are inserted into a shell command and executed with child_process.exec, so crafted input could break out of the intended command.

Skill content
const command = `cd "${amapMapsDir}" && AMAP_KEY="${amapKey}" node scripts/amap.js search text "${query}" ${city}`; ... exec(command, { timeout: 10000 }, ...)
Recommendation

Replace exec with spawn/execFile using an argument array, strictly validate q/city, quote nothing through a shell, bind only to 127.0.0.1, and add a local authorization/CSRF protection mechanism.

What this means

Other websites or clients may be able to trigger the local proxy unexpectedly while it is running.

Why it was flagged

The proxy accepts unauthenticated cross-origin HTTP requests and routes user-controlled parameters into a shell-backed geocoding helper.

Skill content
'Access-Control-Allow-Origin': '*', ... const query = parsedUrl.query.q; const city = parsedUrl.query.city || '重庆'; ... handleSearch(query, city, res);
Recommendation

Limit CORS to trusted origins, bind the service to localhost explicitly, require a local token for requests, and avoid exposing shell-backed operations over a permissive HTTP API.

What this means

Users have less registry-level information to verify where the code came from and what runtime components it needs.

Why it was flagged

The package contains runnable Python/Node files and depends on external tools, but registry provenance and install/dependency metadata are limited.

Skill content
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Recommendation

Publish a source/homepage, declare required binaries and runtime services in metadata, and pin/document external dependencies clearly.

Note (High Confidence)
ASI10: Rogue Agents
What this means

Local ports may stay open and serve map or hotel-search functionality until stopped.

Why it was flagged

The skill intentionally starts local services as part of its workflow; this is disclosed, but those services may remain active after the map is generated.

Skill content
Automatically start HTTP server on port 9000 ... Automatically start hotel search server on port 8770 ... Check if servers are already running
Recommendation

Run only when needed, stop the servers after use, and prefer localhost-only binding with clear shutdown instructions.

What this means

Itinerary details or travel-planning images may be sent to mapping, hotel-search, or vision providers.

Why it was flagged

Travel locations, hotel-search context, and possibly images are processed through external provider or agent capabilities as part of the intended workflow.

Skill content
Geocodes locations ... using Amap API ... Integrates real FlyAI hotel search ... Use agent's AI Vision capability to analyze travel planning images
Recommendation

Avoid submitting sensitive images or private travel details unless you are comfortable with the involved providers and their privacy terms.

Findings (1)

critical

suspicious.dangerous_exec

Location
scripts/amap-proxy.js:25
Finding
Shell command execution detected (child_process).