suspicious.dangerous_exec
- Location
- site.js:67
- Finding
- Shell command execution detected (child_process).
Advisory
Audited by static analysis on May 10, 2026.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.secret_argv_exposure
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted project name or path could cause unintended local shell commands to run, with Cloudflare token and account values present in the environment.
dir and projectName come from user-controlled CLI arguments and are interpolated into a shell command rather than passed as a safe argument array.
execSync(`wrangler pages deploy "${dir}" --project-name "${projectName}" --branch main 2>&1`, { env })
Replace execSync shell strings with spawn/execFile argument arrays, validate project names and paths, and avoid invoking a shell for user-controlled values.
Running a static-directory tunnel may download and execute whatever npm currently resolves for the serve package, adding supply-chain risk.
The tunnel workflow automatically runs an unpinned npm package through npx -y, and that dependency is not clearly declared or version-pinned in the skill metadata.
const serveProc = spawn('npx', ['-y', 'serve', target, '-p', '8080', '-s'], { stdio: 'ignore' });
Declare and pin the dependency, vendor or verify the helper used to serve files, or ask for explicit user confirmation before running unpinned remote packages.
Users may be asked to provide an unnecessary third-party API token unrelated to buying domains or deploying Cloudflare Pages.
The stated skill purpose and code are Cloudflare-focused, but package metadata declares a required Neta AI token that is unrelated to the documented workflow.
"name": "NETA_TOKEN", "description": "Neta AI API token. Get it at https://www.neta.art/open/", "required": true
Remove the NETA_TOKEN requirement unless it is truly needed and fully documented; keep credential declarations aligned with the actual Cloudflare-only workflow.
Tokens passed on the command line can be saved in shell history or visible to local process-inspection tools while the command runs.
Cloudflare tokens are expected for this integration, but the documented examples pass them through command-line arguments.
node site.js deploy my-site ./my-site --token <PAGES_TOKEN> --account <ACCOUNT_ID>
Prefer environment variables, a secret manager, or the platform’s secure credential mechanism; use narrowly scoped tokens and revoke them after use if possible.
A wrong zone ID or project name could point the root domain at the wrong Pages project or disrupt existing DNS expectations.
The helper can make persistent DNS changes in a Cloudflare zone; this is aligned with the custom-domain feature but is high-impact account mutation.
await api('POST', `/zones/${zoneId}/dns_records`, { type: 'CNAME', name: '@', content: `${projectName}.pages.dev`, proxied: true })
Confirm the domain, zone ID, project name, and existing DNS records before running DNS-linking commands, and use a DNS token scoped only to the intended zone.