Zeplin to Prompt

Advisory

Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec, suspicious.env_credential_access

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A saved Zeplin token could allow future exports of designs the token can access, and anyone with access to the local config file may be able to reuse it.

Why it was flagged

The skill asks for a Zeplin credential and stores it persistently for later authenticated exports. This is disclosed and purpose-aligned, but it is sensitive access.

Skill content
Tokens are stored in `~/.zeplin-skill-config.json` as a `projectId -> token` mapping ... Please provide a Zeplin Personal Access Token
Recommendation

Use a token with the minimum access needed, avoid sharing broad account tokens, and delete or rotate the token when finished.

What this means

The skill will run local scripts and create files/directories while exporting Zeplin data.

Why it was flagged

The skill instructs the agent to execute bundled Node code locally. This is central to the export function, but it is still local code execution.

Skill content
node "${CLAUDE_SKILL_DIR}/export_screen.mjs" ... --no-open --quiet
Recommendation

Install and run it only in a trusted workspace; review local commands if you are using sensitive projects.

What this means

Installing dependencies may pull code from the npm ecosystem into the local environment.

Why it was flagged

The skill depends on npm-installed packages even though the registry section lists no install spec. A package-lock is present, so this is a normal but noteworthy dependency step.

Skill content
Install dependencies before the first run:

```bash
npm install
```
Recommendation

Prefer installing from the included lockfile, for example with `npm ci`, and run in a trusted environment.

Findings (3)

critical: suspicious.dangerous_exec
Location: export_project.mjs:100
Finding: Shell command execution detected (child_process).

critical: suspicious.dangerous_exec
Location: export_screen.mjs:34
Finding: Shell command execution detected (child_process).

critical: suspicious.env_credential_access
Location: export_project.mjs:41
Finding: Environment variable access combined with network send.