Excel Report

Advisory

Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dynamic_code_execution

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern: High Confidence
ASI05: Unexpected Code Execution
What this means

A malicious or tampered template could run code on the user's machine when report calculations are performed.

Why it was flagged

Formula text from template configuration is converted into a Python expression and evaluated without a sandbox or allowlist, so an untrusted or modified template formula could execute arbitrary Python code.

Skill content
result = eval(expr)
Recommendation

Replace eval with a restricted formula parser or AST-based evaluator that only permits expected arithmetic, column references, and approved aggregation functions.
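The recommendation above in working form, added here as an example rather than code from the skill: the flagged eval pattern next to an AST-walking evaluator that accepts only numeric literals, column names, the four arithmetic operators, unary sign, and a fixed set of aggregation functions. The sample rows, the column names (revenue, cost, units), the function names and the FormulaError type are all constructed for the example; the skill's real template format, its data model and its helper names are not known from the scan.

```python
import ast
import operator
import statistics

# Constructed sample report data (not from the skill): one dict per row.
ROWS = [
    {"revenue": 120.0, "cost": 80.0, "units": 3},
    {"revenue": 200.0, "cost": 150.0, "units": 5},
    {"revenue": 90.0, "cost": 100.0, "units": 2},
]
# Column view of the same data, used by aggregation formulas.
COLUMNS = {name: [row[name] for row in ROWS] for name in ROWS[0]}

# Arithmetic the formula language permits; every other operator is rejected.
_BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
            ast.Mult: operator.mul, ast.Div: operator.truediv}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
# Approved aggregation functions; each takes exactly one column (a list of numbers).
_FUNCS = {"SUM": sum, "AVG": statistics.fmean, "MIN": min, "MAX": max, "COUNT": len}
_MAX_FORMULA_LEN = 500


class FormulaError(ValueError):
    """Raised for any formula that is not plain arithmetic over columns."""


def unsafe_eval_formula(expr, scope):
    """The pattern the advisory flags: template text handed straight to eval().
    eval() re-inserts __builtins__ into the empty globals, so a hostile template
    can reach __import__ and run arbitrary Python with the user's privileges."""
    return eval(expr, {}, dict(scope))


def _number(value, context):
    # bool is a subclass of int, so exclude it explicitly.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise FormulaError(f"{context} requires a number, got {type(value).__name__}")
    return value


def safe_eval_formula(expr, scope):
    """AST-based replacement: parse the formula, then walk the tree accepting only
    numeric literals, names present in `scope`, + - * /, unary +/-, and calls to
    approved aggregation functions. Attribute access, subscripts, lambdas,
    comprehensions and arbitrary calls never reach the Python evaluator."""
    if len(expr) > _MAX_FORMULA_LEN:
        raise FormulaError("formula too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise FormulaError(f"formula does not parse: {exc.msg}") from None

    def visit(node):
        if isinstance(node, ast.Expression):
            return visit(node.body)
        if isinstance(node, ast.Constant):
            return _number(node.value, "literal")
        if isinstance(node, ast.Name):
            if node.id not in scope:
                raise FormulaError(f"unknown column {node.id!r}")
            return scope[node.id]
        if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
            left = _number(visit(node.left), "arithmetic")
            right = _number(visit(node.right), "arithmetic")
            try:
                return _BIN_OPS[type(node.op)](left, right)
            except ZeroDivisionError:
                raise FormulaError("division by zero") from None
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
            return _UNARY_OPS[type(node.op)](_number(visit(node.operand), "unary operator"))
        if isinstance(node, ast.Call):
            if not isinstance(node.func, ast.Name) or node.func.id not in _FUNCS or node.keywords:
                raise FormulaError("only approved aggregation functions may be called")
            if len(node.args) != 1:
                raise FormulaError(f"{node.func.id} takes exactly one column")
            column = visit(node.args[0])
            if not isinstance(column, list) or not column:
                raise FormulaError(f"{node.func.id} needs a non-empty column")
            return _FUNCS[node.func.id]([_number(v, node.func.id) for v in column])
        raise FormulaError(f"disallowed syntax: {type(node).__name__}")

    return visit(tree)


def formula_is_rejected(expr, scope):
    """True if the restricted evaluator refuses the formula."""
    try:
        safe_eval_formula(expr, scope)
    except FormulaError:
        return True
    return False


def compute_report(row_formula, total_formula):
    """Per-row calculation over ROWS plus a workbook-level total, both routed
    through the restricted evaluator."""
    per_row = [safe_eval_formula(row_formula, row) for row in ROWS]
    return per_row, safe_eval_formula(total_formula, COLUMNS)


if __name__ == "__main__":
    print(compute_report("revenue - cost", "SUM(revenue) - SUM(cost)"))
    hostile = "__import__('os').getcwd()"  # harmless stand-in for a real payload
    print("eval ran the hostile formula:", unsafe_eval_formula(hostile, ROWS[0]))
    print("restricted evaluator rejected it:", formula_is_rejected(hostile, ROWS[0]))
```

The point of walking the AST rather than filtering the string is that the decision is made on syntax, before anything executes: a template formula that tries `__import__`, attribute access on a column value, a subscript, or an unknown name is refused outright, so a tampered template fails closed instead of gaining code execution.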

What this means

If enabled, the skill can use the configured email account to send generated reports.

Why it was flagged

The email feature requires SMTP account credentials and can send mail on the user's behalf; this is purpose-aligned but sensitive.

Skill content
export SMTP_HOST=smtp.gmail.com
export SMTP_USER=your@email.com
export SMTP_PASSWORD=xxx

python scripts/generate_report.py ... --email --to user@email.com
Recommendation

Use a limited app password or dedicated SMTP account, verify recipients, and avoid storing long-lived credentials in shared shell history or environments.

What this means

Business, financial, medical, or operational data included in a report may leave the local environment via email.

Why it was flagged

Generated reports derived from local data can be sent through an external email provider when the user enables the email option.

Skill content
Batch generation + email sending ... --email --to <addr>
Recommendation

Only use email sending for intended recipients, review the generated workbook first, and avoid emailing sensitive reports unless the SMTP provider and recipient are trusted.
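One way to act on the "verify recipients" and "intended recipients" advice from this finding and the SMTP finding above, added as an example and not code from the skill: a check on the --to value that parses it with the standard library's address parser and compares the domain of each bare address exactly against an allowlist. The allowed domains, the RecipientError type and the assumption that --to accepts a comma-separated list are constructed for the example; the skill's actual argument handling is not known from the scan.

```python
from email.utils import getaddresses

# Assumed organisation domains that generated reports may be sent to (not from the skill).
ALLOWED_DOMAINS = {"example.com", "reports.example.com"}


class RecipientError(ValueError):
    """Raised when a --to value contains an address the policy does not permit."""


def check_recipients(to_value, allowed_domains=ALLOWED_DOMAINS):
    """Parse a comma-separated --to value and return normalised bare addresses.

    Two pitfalls are handled explicitly: a display name such as
    'Finance Team <x@evil.test>' must not hide the real target, so only the
    address part is inspected; and the domain is compared exactly rather than
    with endswith(), so 'user@example.com.evil.test' is not treated as example.com.
    """
    addresses = []
    for _display_name, addr in getaddresses([to_value]):
        local, sep, domain = addr.rpartition("@")
        if not sep or not local or not domain or "@" in local:
            raise RecipientError(f"malformed recipient {addr!r}")
        domain = domain.lower()
        if domain not in allowed_domains:
            raise RecipientError(f"recipient {addr!r} is outside the allowed domains")
        addresses.append(f"{local}@{domain}")
    if not addresses:
        raise RecipientError("no recipients given")
    return addresses


def recipients_allowed(to_value, allowed_domains=ALLOWED_DOMAINS):
    """Boolean form of check_recipients for callers that only need a go/no-go."""
    try:
        check_recipients(to_value, allowed_domains)
    except RecipientError:
        return False
    return True


if __name__ == "__main__":
    for candidate in ["user@example.com",
                      "Finance Team <attacker@evil.test>",
                      "user@example.com, leak@evil.test",
                      "user@example.com.evil.test"]:
        print(f"{candidate!r}: {'send' if recipients_allowed(candidate) else 'refuse'}")
```

Run the check before the SMTP connection is opened, so a typo or a hostile template value never results in a workbook leaving the organisation; pair it with the credential advice above by reading SMTP_PASSWORD from a prompt or a secrets store rather than an `export` line that lands in shell history.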

What this means

Users may install whatever current versions are available from their configured Python package index.

Why it was flagged

The setup instructions install dependencies without version pins or hashes; this is common for a Python reporting tool but leaves package provenance and repeatability to the user.

Skill content
pip install openpyxl pandas
Recommendation

Pin dependency versions, install from trusted indexes, and prefer a reviewed requirements file or lockfile for repeatable installs.

Findings (1)

critical

suspicious.dynamic_code_execution

Location
scripts/template_engine.py:141
Finding
Dynamic code execution detected.