Cmd Executor

Advisory: audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken, malicious, or agent-generated command could read private files, change system settings, delete data, run programs, or otherwise affect the gateway machine.

Why it was flagged

The skill turns message text directly into a shell command and executes it through child_process.exec; the provided code shows no allowlist, sandbox, confirmation step, or command-impact restriction.

Skill content

    const cmd = raw.replace(/^Run command:\s*/i, '').trim();
    ...
    exec(cmd, { maxBuffer: 1024 * 1024 }, (err, stdout, stderr) => {

Recommendation

Install only if you intentionally want full local shell access. Prefer sandboxing, least-privilege gateway accounts, explicit human approval for each command, and a narrow allowlist of permitted commands.

What this means

You have less context for who maintains this high-privilege skill or where to verify its code history.

Why it was flagged

The artifacts provide no upstream source or homepage, which limits provenance review for a skill that can execute arbitrary local shell commands.

Skill content

    Source: unknown; Homepage: none

Recommendation

Review the included code yourself and avoid granting it access on sensitive machines unless you trust the publisher and can control its execution environment.

Findings (1)

Severity: critical

Rule: suspicious.dangerous_exec

Location: skill.js:10

Finding: Shell command execution detected (child_process).