suspicious.dangerous_exec
- Location
- scripts/xhs-card.cjs:8
- Finding
- Shell command execution detected (child_process).
Advisory
Audited by static analysis on May 10, 2026.
Detected: suspicious.dangerous_exec
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Rendering an MDX file from an untrusted source could run code in the local rendering process.
When --mdx-mode is enabled, the input Markdown/MDX file is passed to @mdx-js/mdx evaluate(), which can run embedded JavaScript during rendering rather than treating the document as inert text.
const module = (await evaluate(markdown, { ... })) ... if (options.mdxMode) { return { html: await mdxToHtml(markdown), warnings }; }
Only use --mdx-mode with trusted files, or disable/sandbox MDX evaluation and clearly warn users before rendering untrusted MDX.
A malicious Markdown file could affect the browser render step or make unexpected network requests instead of being rendered as plain content.
Normal Markdown mode explicitly preserves raw HTML instead of escaping or sanitizing it, so embedded HTML such as scripts, event handlers, or remote resources can remain active when the generated page is rendered.
.use(remarkRehype, { allowDangerousHtml: true }).use(rehypeRaw).use(rehypeStringify, { allowDangerousHtml: true })
Sanitize raw HTML by default, provide a trusted-content mode for advanced HTML, and render untrusted documents in a restricted no-network sandbox.
Installing the skill will add local Node packages and a browser runtime.
The setup script installs npm dependencies and downloads Playwright Chromium. That is normal for this renderer, but it is an external dependency/download surface.
npm --prefix "${SCRIPT_DIR}" ci ... npx --prefix "${SCRIPT_DIR}" playwright install chromium
Run setup only from a trusted source, avoid elevated privileges, and review package.json/package-lock.json if supply-chain risk matters.