Self-Repair System — Autonomous AI Automation

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This self-repair skill is coherent and locally focused, but it can autonomously start Ollama, run recurring checks, write logs, and modify workspace files.

Use this only if you want autonomous local repair behavior. Configure it with narrow workspace and backup paths, review scheduled routines before starting the hub, and keep independent backups. Review the full source before running, because the supplied self-repair.js artifact was truncated.

Static analysis

Dangerous exec

Severity: Critical
Finding: Shell command execution detected (child_process).

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A misconfigured repair run could replace or recreate local workspace files.

Why it was flagged

The skill can restore files from backups and overwrite a config file with defaults. This fits the repair purpose, but it can change local files if configured broadly.

Skill content

fs.copyFileSync(source, dest); ... fs.writeFileSync(configPath, JSON.stringify(defaults, null, 2), 'utf-8');

Recommendation

Use a narrow workspacePath, explicit requiredFiles/requiredDirs, trusted backupPaths, and keep independent backups before enabling automatic repair.

What this means

Installing or invoking the hub may start a long-running local Ollama process.

Why it was flagged

The skill can launch the local Ollama service as a detached process. The visible code uses fixed arguments and no shell string, making this purpose-aligned but still a local execution capability.

Skill content

spawn(ollamaPath, ['serve'], { detached: true, stdio: 'ignore' }).unref();

Recommendation

Only use this skill if you want it to start Ollama automatically, and monitor/stop the service if it is not desired.

What this means

The skill can keep performing checks and repairs after hub.start() until stopped.

Why it was flagged

The hub runs recurring health checks and starts the routine manager. This is disclosed background automation rather than hidden persistence.

Skill content

this.healthTimer = setInterval(async () => { const h = await this.repair.fullRepairCycle(); ... }, this.config.healthCheckInterval); ... this.routines.start();

Recommendation

Call hub.stop() when finished, and avoid enabling routines that perform high-impact actions without review.

What this means

It is harder to independently verify authorship, updates, or issue history.

Why it was flagged

The package has limited provenance information. There is no remote installer shown, but users cannot verify an upstream homepage from the provided metadata.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Review the included source before use and prefer pinned, trusted sources for automation that can modify files or start processes.

What this means

Local logs could reveal workspace structure or operational history to anyone with filesystem access.

Why it was flagged

The skill persistently stores repair history locally. This is expected logging, but logs may include paths, errors, and repair status.

Skill content

All repairs are logged to a JSON file with timestamps. Keeps last 200 entries with automatic rotation.

Recommendation

Store logs in an appropriate workspace, avoid logging sensitive paths where possible, and apply normal filesystem permissions.