Employee Reminder Ops

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill mostly matches its reminder-report purpose, but the bundled script contains live-looking Google/Discord defaults and credential use that could send employee data to the wrong place if not reconfigured.

Install only if you control the Google Sheet, Google auth account, Discord bot, and destination channel. Before any send or scheduler mode, explicitly set PLAN_A_SHEET_ID, GOG_ACCOUNT, DISCORD_CHANNEL_ID, and DISCORD_BOT_TOKEN, run preview/json first, and remove or override the packaged defaults.

Static analysis

Dangerous exec

Severity: Critical
Finding: Shell command execution detected (child_process).

Env credential access

Severity: Critical
Finding: Environment variable access combined with network send.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or agent could run the workflow with embedded defaults and read or post using unintended Plan A resources.

Why it was flagged

The package documents concrete operational defaults for a real-looking sheet, channel, and account, while SKILL.md says these should be deployment config kept outside the skill package.

Skill content
## Current defaults
- Sheet ID: `17JU1m6rBOhlD7vqSTrMOSPcEQehO04HnYg7oMeDXnn8`
- Discord channel: `1483444824895000697`
- Gog account: `vinhtamforwork@gmail.com`

Recommendation

Remove hardcoded operational IDs from the package, require explicit local configuration, and make the setup docs match the actual runtime behavior.

What this means

The workflow can act with the privileges of the local Google account and Discord bot, including reading staff sheets and posting messages to a channel.

Why it was flagged

The script uses a Google account selected through local gog authentication and a Discord bot token to access and post data, but registry metadata declares no primary credential or required env vars.

Skill content
gogAccount: process.env.GOG_ACCOUNT || 'vinhtamforwork@gmail.com', ... const fullArgs = ['--account', CONFIG.gogAccount, ...args]; ... Authorization: `Bot ${CONFIG.discordBotToken}`

Recommendation

Declare required credentials and env vars in metadata, require the user to set the Google account and Discord destination explicitly, and document the minimum needed Google/Discord permissions.

What this means

Employee birthday and event information could be posted to an unintended Discord channel if configuration is not carefully overridden.

Why it was flagged

The report includes employee names/departments and is sent to Discord; this is purpose-aligned, but the destination has a hardcoded default and the data boundary is not declared in metadata.

Skill content
for (const item of data.birthdaysToday) lines.push(`- 🎂 Sinh nhật: ${item.name} (${item.dept || 'Chưa rõ bộ phận'})`); ... fetch(`https://discord.com/api/v10/channels/${CONFIG.discordChannelId}/messages`, ... body: JSON.stringify({ content }))

Recommendation

Require explicit confirmation of the destination channel before live sends, use a test channel for validation, and avoid defaulting to real channel IDs.

What this means

Running the script will use the local gog installation and whatever Google auth profile is available for the configured account.

Why it was flagged

The skill invokes the external gog CLI to read Google Sheets. This fits the stated purpose and uses execFileSync without a shell, but it relies on local CLI behavior and authentication.

Skill content
const out = execFileSync('gog', fullArgs, { encoding: 'utf8' });

Recommendation

Install gog only from a trusted source, verify the selected account, and run preview/json modes before enabling any send mode.

What this means

A user may install the skill without realizing additional local tooling and auth setup are needed.

Why it was flagged

The docs require Node.js and gog, but registry requirements list no required binaries. This is an under-declared setup dependency rather than evidence of hidden installation.

Skill content
## Runtime requirements
- Node.js
- gog CLI + Google auth

Recommendation

Add Node.js/gog requirements and credential expectations to the registry metadata and keep dependency provenance documented.

What this means

If scheduled, the workflow can keep posting daily reports until the scheduler or script is disabled.

Why it was flagged

The wrapper is designed to run the production send flow using local environment configuration, consistent with the documented scheduled daily report workflow.

Skill content
source ./.env.plan-a
/usr/bin/env node plan-a-demo.js prod-send

Recommendation

Do not enable the scheduler until preview output, sheet ID, account, Discord channel, and duplicate-send state behavior have all been verified.