NightPatch

Security checks across static analysis, malware telemetry, and agentic risk

Overview

NightPatch is not clearly malicious, but it can make unattended local shell and workspace changes, and its cron/setup behavior and raw shell execution need review before use.

Install only after reviewing the scripts. Start with ./start.sh dry-run; do not enable cron until you are comfortable with real changes; back up ~/.bashrc and important workspace files; and check that alias names and patch suggestions are safe before allowing automatic runs.

Static analysis

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

VirusTotal

64/64 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malformed or crafted alias suggestion could run arbitrary commands as the user running NightPatch.

Why it was flagged

The static scan shows a shell command built with an interpolated alias value. In an automated tool that derives patch suggestions, an insufficiently validated alias could cause unintended shell execution.

Skill content
const checkAlias = execSync(`alias ${suggested_alias} 2>/dev/null || true`, {
Recommendation

Only allow alias names matching a strict safe pattern, avoid shell interpolation where possible, and require user confirmation before any shell-profile change.
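The recommendation above, as an added example that is not NightPatch's own code: the alias name is checked against a strict allow-list pattern, existing aliases are found by parsing the profile text rather than by interpolating the name into a shell command, and the new profile line is built with safe single-quoting. The function names and the sample .bashrc text are constructed for this example.

```javascript
// Added example (not NightPatch's code): validate alias names before any
// shell-profile change, and look up existing aliases without running a shell.
// Function names and the sample .bashrc text below are constructed.

// Allow-list: identifier-like names only. Rejects spaces, quotes, ';', '$',
// backticks, '|', '&' and anything else a shell would interpret.
const SAFE_ALIAS = /^[A-Za-z_][A-Za-z0-9_-]{0,63}$/;

function isSafeAliasName(name) {
  return typeof name === 'string' && SAFE_ALIAS.test(name);
}

// Parse `alias name='value'`, `alias name="value"` and `alias name=value`
// lines from shell-profile text. Returns a Map of name -> value.
function parseAliases(profileText) {
  const aliases = new Map();
  const re = /^\s*alias\s+([A-Za-z_][A-Za-z0-9_-]*)=(?:'([^']*)'|"([^"]*)"|(\S*))\s*$/;
  for (const line of profileText.split('\n')) {
    const m = re.exec(line);
    if (m) aliases.set(m[1], m[2] ?? m[3] ?? m[4] ?? '');
  }
  return aliases;
}

// Decide whether a suggested alias may be appended to the profile. The name
// is never interpolated into a shell string; only the profile text is read.
function evaluateSuggestion(profileText, suggestedAlias, command) {
  if (!isSafeAliasName(suggestedAlias)) {
    return { ok: false, reason: 'alias name fails safe pattern' };
  }
  const existing = parseAliases(profileText);
  if (existing.has(suggestedAlias)) {
    return { ok: false, reason: `alias already defined as ${existing.get(suggestedAlias)}` };
  }
  // Single-quote the command body; a literal ' becomes '\'' so the profile
  // line remains one quoted token regardless of the command's contents.
  const quoted = "'" + command.replace(/'/g, "'\\''") + "'";
  return { ok: true, line: `alias ${suggestedAlias}=${quoted}` };
}

// Constructed sample profile standing in for ~/.bashrc.
const SAMPLE_BASHRC = [
  '# constructed sample .bashrc',
  "alias ll='ls -la'",
  'alias gs="git status"',
].join('\n');

// Demonstration: one safe suggestion, one duplicate, one crafted name.
for (const [name, cmd] of [['gco', 'git checkout'], ['ll', 'ls -l'], ['x; rm -rf ~', 'true']]) {
  console.log(name, '=>', JSON.stringify(evaluateSuggestion(SAMPLE_BASHRC, name, cmd)));
}

module.exports = { isSafeAliasName, parseAliases, evaluateSuggestion, SAMPLE_BASHRC };
```

The returned line is what a confirmation prompt should show the user before anything is appended to the profile; the example deliberately stops short of writing the file.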

What this means

If a user enables the generated cron path expecting detection-only behavior, NightPatch may apply real local changes overnight.

Why it was flagged

The cron setup script writes a nightly runner that uses real run mode. This conflicts with the provided run-nightly.sh and release messaging that emphasize default dry-run behavior, so users may over-trust the safety posture.

Skill content
cat > "$CRON_SCRIPT" << 'EOF' ... if ./start.sh run >> "$LOG_FILE" 2>&1; then
Recommendation

Make cron setup default to dry-run unless the user explicitly opts into real patching, and align all documentation and generated scripts.

What this means

Local reports or audit logs may reveal command patterns, filenames, or workflow details even without external transmission.

Why it was flagged

The skill clearly discloses reading command history, scanning workspace files, and writing shell configuration. This is purpose-aligned, but command histories and workspace files may contain sensitive information.

Skill content
The skill accesses the following files:
- `~/.bash_history` - **read-only**, analyzes command usage frequency
- `~/.bashrc` - **read/write**, only appends new aliases to the .bashrc file (reversible)
- Workspace files - **read-only scan**, moved only after user confirmation
Recommendation

Run dry-run first, review generated reports/logs, and avoid using it on workspaces or shell histories that contain secrets.

What this means

Users may not realize this is a runnable Node/shell package with dependencies when relying only on registry metadata.

Why it was flagged

Registry-level metadata does not describe a source or install spec, while the artifact bundle contains runnable scripts and npm dependency installation steps. The included source and lockfile reduce ambiguity, but users should still verify provenance.

Skill content
Source: unknown
Homepage: none
Install specifications
No install spec — this is an instruction-only skill.
Recommendation

Confirm the package source, review the included scripts, and install dependencies only from trusted registries.