Feishu Sheet Links

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec, suspicious.env_credential_access

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A Feishu page may be fetched through an existing browser session rather than a clean, public-only context. A run that is presented as public scraping may then be made with the user's logged-in Feishu account, which blurs the boundary between public scraping and authenticated account access.

Why it was flagged

The script prefers attaching to an already-running Chrome debug instance. That browser may have existing Feishu cookies or other logged-in state, while the skill is presented as working with public documents only.

Skill content
const existingWs = await findExistingChrome(); ... if (existingWs) { cdp = await CdpSession.connect(existingWs); }
Recommendation

Default to the isolated profile, make existing-session reuse opt-in, and clearly warn users when a logged-in Chrome profile may be used.
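The opt-in shape the recommendation describes, as an added example (not the skill's own code). It assumes a probe like the skill's `findExistingChrome()` has already produced a WebSocket endpoint or `null`, and that a hypothetical `--allow-existing-session` flag controls reuse; the launch flags are standard Chrome flags, and the isolated profile is a fresh temporary directory with no cookies or saved logins.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Added example, not the skill's own code. An existing debug endpoint is only
// reused when the caller explicitly asks for it; otherwise a throwaway profile
// is prepared and the user is told which mode was chosen.
export interface SessionPlan {
  mode: "existing" | "isolated";
  wsEndpoint?: string;    // set only in "existing" mode
  launchArgs?: string[];  // set only in "isolated" mode (real Chrome flags)
  profileDir?: string;
  warning?: string;
}

export function planBrowserSession(opts: {
  existingWs: string | null;  // result of a probe such as findExistingChrome()
  allowExisting: boolean;     // hypothetical --allow-existing-session flag, default false
  debugPort?: number;
}): SessionPlan {
  if (opts.existingWs && opts.allowExisting) {
    return {
      mode: "existing",
      wsEndpoint: opts.existingWs,
      warning:
        "Attaching to an already-running Chrome. Any Feishu/Lark login in that " +
        "profile will be used for these requests; pages may be fetched as you, not anonymously.",
    };
  }
  // Fresh, empty profile: no cookies, no saved logins, no extensions.
  const profileDir = fs.mkdtempSync(path.join(os.tmpdir(), "feishu-links-profile-"));
  const port = opts.debugPort ?? 0; // 0 lets Chrome pick a free port (written to DevToolsActivePort)
  return {
    mode: "isolated",
    profileDir,
    launchArgs: [
      `--user-data-dir=${profileDir}`,
      `--remote-debugging-port=${port}`,
      "--no-first-run",
      "--no-default-browser-check",
      "--disable-extensions",
      "about:blank",
    ],
    warning: opts.existingWs
      ? "A running Chrome debug instance was found but ignored; pass --allow-existing-session to reuse it."
      : undefined,
  };
}
```

The returned `launchArgs` would be handed to whatever spawns Chrome; the point is that the default branch never touches a profile that might hold Feishu cookies, and the `warning` string is surfaced to the user in either branch.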

What this means

A malicious or unusual spreadsheet/link JSON could cause Markdown files to be written somewhere other than the folder the user selected.

Why it was flagged

The sheet/month name from the links JSON is used directly in a filesystem path, while only the title is sanitized. `path.join` does not neutralize `..` segments, so a crafted sheet name containing path separators (for example `../../`) could write outside the intended output directory.

Skill content
let fname = `${month}-${slug}.md`; let fpath = path.join(outDir, fname); ... await writeFile(fpath, md, "utf-8");
Recommendation

Sanitize the sheet name as well as the title, and verify that the fully resolved output path (`path.resolve`, not a string-prefix check) remains inside the chosen output directory before writing.
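A hardened version of the `${month}-${slug}.md` construction quoted above, as an added example (not the skill's own code). `sanitizeSegment`, `isInside`, `unsafeOutputPath` and `safeOutputPath` are hypothetical names; the original construction is kept only for contrast, and the containment check uses `path.relative` so that a sibling directory sharing a prefix (such as `/tmp/outer` next to `/tmp/out`) is not mistaken for being inside the output directory.

```typescript
import * as path from "node:path";

// Added example, not the skill's own code. Every spreadsheet-controlled
// segment is sanitized, and the final resolved path is still checked to lie
// inside outDir (defense in depth: the check catches bugs in the sanitizer).

// Turn an arbitrary string into a single safe filename segment.
export function sanitizeSegment(name: string, maxLen = 80): string {
  const cleaned = name
    .normalize("NFKC")
    .replace(/[\/\\\0:*?"<>|]/g, "-")  // path separators and FS-hostile characters
    .replace(/\.{2,}/g, ".")           // no ".." can survive
    .replace(/\s+/g, " ")
    .trim()
    .replace(/^[.\-]+/, "");           // no leading dots or dashes (hidden files, "-" argv confusion)
  const out = cleaned.slice(0, maxLen).trim();
  return out.length > 0 ? out : "untitled";
}

// True only if candidate resolves to a location strictly inside root.
export function isInside(root: string, candidate: string): boolean {
  const rel = path.relative(path.resolve(root), path.resolve(candidate));
  return rel !== "" && rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// The original construction, kept for contrast: "../" in month escapes outDir.
export function unsafeOutputPath(outDir: string, month: string, slug: string): string {
  return path.join(outDir, `${month}-${slug}.md`);
}

// Hardened replacement: sanitize both segments, then verify containment anyway.
export function safeOutputPath(outDir: string, month: string, slug: string): string {
  const root = path.resolve(outDir);
  const fpath = path.resolve(root, `${sanitizeSegment(month)}-${sanitizeSegment(slug)}.md`);
  if (!isInside(root, fpath)) {
    throw new Error(`refusing to write outside ${root}: ${fpath}`);
  }
  return fpath;
}
```

Run the check before `writeFile`, not after: the error must abort the write rather than report it.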

What this means

If the spreadsheet contains unexpected links, the tool may automatically visit them during batch download.

Why it was flagged

The downloader opens every URL from the extracted links file in Chrome. This is expected for batch downloading, but it means spreadsheet-controlled links drive browser navigation.

Skill content
for (const l of links) items.push({ month, text: l.text, url: l.url }); ... const { targetId } = await cdp.send<{ targetId: string }>("Target.createTarget", { url });
Recommendation

Review the extracted URL list before downloading, and consider adding scheme/domain allowlists for Feishu article downloads so that only `https:` URLs on the expected Feishu/Lark hosts are ever opened.
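One way to apply such an allowlist to the extracted link list before any `Target.createTarget` call, as an added example (not the skill's own code). The host suffixes in `ALLOWED_HOST_SUFFIXES` are an assumption and should be set to the Feishu/Lark tenant domains actually in use; `isAllowedUrl`, `partitionLinks` and the `SAMPLE_LINKS` list are hypothetical, and the sample entries are constructed to show the kinds of links the check rejects.

```typescript
// Added example, not the skill's own code. Scheme/host allowlist for the
// extracted links file, applied before the browser is asked to navigate.
export const ALLOWED_HOST_SUFFIXES = ["feishu.cn", "larksuite.com"]; // assumption: adjust to your tenant

export interface LinkItem { month: string; text: string; url: string }

export function isAllowedUrl(raw: string, suffixes: string[] = ALLOWED_HOST_SUFFIXES): boolean {
  let u: URL;
  try { u = new URL(raw); } catch { return false; }           // relative or malformed: reject
  if (u.protocol !== "https:") return false;                  // no javascript:, file:, data:, http:
  if (u.username !== "" || u.password !== "") return false;   // no userinfo tricks
  const host = u.hostname.toLowerCase();
  // exact match or a true subdomain; "evilfeishu.cn" and "feishu.cn.evil.example" both fail
  return suffixes.some((s) => host === s || host.endsWith("." + s));
}

export function partitionLinks(items: LinkItem[], suffixes: string[] = ALLOWED_HOST_SUFFIXES) {
  const allowed: LinkItem[] = [];
  const rejected: { item: LinkItem; reason: string }[] = [];
  for (const item of items) {
    if (isAllowedUrl(item.url, suffixes)) allowed.push(item);
    else rejected.push({ item, reason: `not an https URL on ${suffixes.join(" / ")}` });
  }
  return { allowed, rejected };
}

// Constructed sample of what an extracted links file might contain.
export const SAMPLE_LINKS: LinkItem[] = [
  { month: "2024-05", text: "Release notes", url: "https://example.feishu.cn/docx/abc123" },
  { month: "2024-05", text: "Wiki", url: "https://team.larksuite.com/wiki/xyz" },
  { month: "2024-05", text: "Click me", url: "javascript:alert(document.cookie)" },
  { month: "2024-05", text: "Lookalike", url: "https://feishu.cn.evil.example/docx/abc" },
  { month: "2024-05", text: "Plain http", url: "http://example.feishu.cn/docx/abc" },
  { month: "2024-05", text: "Local file", url: "file:///etc/passwd" },
];
```

Only the `allowed` list is passed to the downloader; the `rejected` list with its reasons is what the user reviews, which is cheaper than reviewing every URL by hand.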

What this means

The runtime used to execute the scripts may be fetched dynamically rather than coming from a pinned, preinstalled toolchain.

Why it was flagged

The workflow runs Bun through `npx -y` without a pinned version, so whatever `bun` package the npm registry serves at run time is downloaded and executed, while the registry requirements do not declare Bun or Chrome as required binaries.

Skill content
npx -y bun "${SKILL_DIR}/scripts/main.ts" "<spreadsheet-url>" -o feishu-links.json
Recommendation

Declare Bun and Chrome in metadata, prefer a locally installed Bun binary, and pin the version where practical (for example `npx -y bun@<version>`, with `<version>` replaced by the release you have tested).

Findings (2)

critical: suspicious.dangerous_exec
Location: scripts/cdp.ts:59
Finding: Shell command execution detected (child_process).

critical: suspicious.env_credential_access
Location: scripts/cdp.ts:11
Finding: Environment variable access combined with network send.