Skillv3.2.5

Static analysis security

Clawhub Skill · Deterministic local checks for risky code patterns and metadata mismatches.

Scanner verdict

ReviewApr 30, 2026, 5:20 AM

Summary: Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.env_credential_access (+1 more)
Reason codes: suspicious.dangerous_execsuspicious.dynamic_code_executionsuspicious.env_credential_accesssuspicious.potential_exfiltration
Engine: v2.4.5

Evidence

criticalcc-soul/cli.js:321

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalcc-soul/context-prep.js:38

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalcc-soul/handler-commands.js:314

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalcc-soul/handler.js:406

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalcc-soul/health.js:115

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalscripts/install.js:110

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalsrc/cli.ts:431

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalsrc/context-prep.ts:87

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalsrc/handler-commands.ts:343

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalsrc/handler.ts:457

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalsrc/health.ts:197

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalcc-soul/sqlite-store.js:52

Dynamic code execution detected.

suspicious.dynamic_code_execution

criticalsrc/sqlite-store.ts:67

Dynamic code execution detected.

suspicious.dynamic_code_execution

criticalcc-soul/benchmark-locomo.js:9

Environment variable access combined with network send.

suspicious.env_credential_access

criticalcc-soul/context-prep.js:131

Environment variable access combined with network send.

suspicious.env_credential_access

criticalcc-soul/plugin-entry.js:5

Environment variable access combined with network send.

suspicious.env_credential_access

criticalsrc/benchmark-locomo.ts:23

Environment variable access combined with network send.

suspicious.env_credential_access

criticalsrc/context-prep.ts:205

Environment variable access combined with network send.

suspicious.env_credential_access

criticalsrc/plugin-entry.ts:14

Environment variable access combined with network send.

suspicious.env_credential_access

warncc-soul/benchmark-locomo.js:1

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warncc-soul/cli.js:3

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warncc-soul/context-prep.js:1

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warncc-soul/plugin-entry.js:1

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warncc-soul/rag.js:1

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warnsrc/benchmark-locomo.ts:13

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warnsrc/cli.ts:14

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warnsrc/context-prep.ts:12

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warnsrc/handler-augments.ts:45

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warnsrc/plugin-entry.ts:9

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration

warnsrc/rag.ts:9

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration