critical
suspicious.dynamic_code_execution
- Location
- detector.js:345
- Finding
- Dynamic code execution detected.
ClawSafe
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dynamic_code_execution, suspicious.exposed_secret_literal, suspicious.prompt_injection_instructions
Findings (7)
critical
suspicious.dynamic_code_execution
- Location
- examples/full-test.js:26
- Finding
- Dynamic code execution detected.
critical
suspicious.dynamic_code_execution
- Location
- examples/test.js:17
- Finding
- Dynamic code execution detected.
critical
suspicious.exposed_secret_literal
- Location
- detector.js:341
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- examples/test.js:16
- Finding
- File appears to expose a hardcoded API secret or token.
warn
suspicious.prompt_injection_instructions
- Location
- README.md:40
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- SKILL.md:49
- Finding
- Prompt-injection style instruction pattern detected.