critical
suspicious.dangerous_exec
- Location
- self_healing_engine.js:292
- Finding
- Shell command execution detected (child_process).
Auto Repair Agent
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dangerous_exec
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteMedium Confidence
ASI05: Unexpected Code ExecutionWhat this means
If the user or agent runs an unsafe command through watch mode, it could modify files, run programs, or perform other local actions.
Why it was flagged
The skill can execute a shell command supplied to its watch flow. This is documented and purpose-aligned, but it gives the invoked command the user's local permissions.
Skill content
const out = execSync(command, { encoding: 'utf8', timeout: 60000 });Recommendation
Only use watch mode with commands you explicitly trust and intend to run; do not pass untrusted text directly into the command argument.
NoteHigh Confidence
ASI06: Memory and Context PoisoningWhat this means
Bad learned patterns could lead to poor future repair advice, and sensitive error text may be stored locally if users teach it as a pattern.
Why it was flagged
Learned repair patterns are persisted locally and loaded in future runs, so incorrect or sensitive learned entries could influence later diagnoses.
Skill content
const PATTERNS_FILE = '.self-heal-patterns.json'; ... fs.writeFileSync(PATTERNS_FILE, JSON.stringify(custom, null, 2));
Recommendation
Review or delete .self-heal-patterns.json periodically, and avoid learning patterns that contain secrets, tokens, or private error logs.
NoteHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
Users have less provenance information and may not get an install-time warning that Node.js is needed.
Why it was flagged
The registry metadata gives limited provenance and does not declare the Node.js runtime that the SKILL.md examples require.
Skill content
Source: unknown; Homepage: none; Required binaries (all must exist): none; No install spec — this is an instruction-only skill.
Recommendation
Verify the publisher and review the included JavaScript before use, especially because the skill can run local commands.