AI智能写作助手Pro

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is a mostly coherent writing helper, but it runs a shell command built from the article topic and an undeclared helper script, which makes it unsafe until reviewed or fixed.

Do not install this skill unless you trust and can review the referenced tavily-search helper. Until fixed, avoid using untrusted article topics, because the topic can reach a shell command. Ask the publisher to remove raw execSync usage, declare dependencies, restrict environment variables, and ship the missing advertised scripts.

Static analysis

Dangerous exec

Severity: Critical

Finding: Shell command execution detected (child_process).

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A crafted article topic could execute commands on the user's machine under the agent's local permissions when hot-topic search runs.

Why it was flagged

The article topic comes from --topic and is inserted into a shell command string executed by execSync. Shell metacharacters or command substitution in the topic could run unintended local commands.

Skill content

const cmd = `node "${tavilyScript}" "${topic} 热点 趋势 2024" -n 3 --topic news`;
const result = execSync(cmd, {
Recommendation

Replace execSync(commandString) with execFile or spawn using an argument array, or call the Tavily API directly. Validate the topic and avoid shell interpretation.

What this means

Article generation may silently depend on missing or unreviewed code at that path; if that helper is replaced or malicious, this skill will execute it.

Why it was flagged

The skill executes a script from another local skill path, but the supplied package only includes scripts/write.mjs and has no install spec or declared dependency for tavily-search.

Skill content
path.join(process.env.HOME, '.openclaw', 'skills', 'tavily-search', 'scripts', 'search.mjs')
Recommendation

Declare and pin the helper dependency, bundle reviewed code, or perform the Tavily request directly. Fail clearly if the dependency is unavailable.

What this means

If the external helper is compromised or unexpected, it could read more credentials than this writing task needs.

Why it was flagged

The code requires a Tavily API key, but passes the entire process environment to the external helper script, which can expose unrelated environment credentials to code outside this package.

Skill content
env: { ...process.env, TAVILY_API_KEY }
Recommendation

Pass a minimal environment to the child process, such as only the required PATH and TAVILY_API_KEY, and document exactly which credentials are used.

What this means

Users or agents may rely on capabilities that are not present in the reviewed artifacts, causing failed commands or misplaced trust in the advertised feature set.

Why it was flagged

The instructions advertise rewrite and SEO scripts, and the description mentions AI duplicate checking, but the supplied file manifest contains only scripts/write.mjs.

Skill content

node {baseDir}/scripts/rewrite.mjs --file ./article.md --style professional
...
node {baseDir}/scripts/seo.mjs --file ./article.md --keywords "AI,投资,股票"
Recommendation

Align the documentation with the shipped files, or include and review the missing rewrite, SEO, and duplicate-checking implementations.