Back to skill
Skillv3.2.14
Static analysis security
Castreader Openclaw Skill · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousMar 30, 2026, 4:36 PM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
- Reason codes
- suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
- Engine
- v2.2.0
Evidence
criticalscripts/read-url.js:133
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalscripts/generate-text.js:16
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/read-url.js:29
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/sync-books.js:38
Environment variable access combined with network send.
suspicious.env_credential_access
warnscripts/generate-text.js:103
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/read-url.js:130
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/sync-books.js:130
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration