suspicious.dangerous_exec
- Location: scripts/run_all.js:39
- Finding: Shell command execution detected (child_process).
Advisory. Audited by static analysis on May 10, 2026.
Detected: suspicious.dangerous_exec
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously crafted topic or argument could cause local shell commands to run on the user's machine.
A user-provided topic argument is forwarded into a shell-enabled child process. Shell execution is expected for the runner, but shell:true with unsanitized arguments can let metacharacters execute commands outside the blog-generation purpose.
const topicArg = args.find(a => a.startsWith('--topic='))?.split('=')[1];
...
const allArgs = [scriptPath, `--session=${sessionId}`, ...extraArgs];
...
spawn('node', allArgs, { stdio: 'inherit', shell: true })

Recommendation: Remove shell:true, use spawn/execFile without a shell, pass arguments as an array only, and validate or escape topic input before invoking subprocesses.
If copied to Zhihu or another public site, the output may mislead readers into believing the author personally measured or experienced things that were actually generated.
The generator can add first-person experience and specific performance claims without showing that these facts came from user input or collected sources.
content += `根据我的实践,${topic.title}特别适合以下场景:`;
...
content += `我们内部一个服务接入后,P99延迟从120ms降到了15ms。`

Recommendation: Require source-backed claims, use placeholders for unverified experience/data, and prompt the user to verify or disclose AI-generated sections before publishing.
The skill may fail until dependencies are manually installed, and users may not know which exact package versions to trust.
The code requires a third-party npm package, while the supplied metadata shows no install spec and the manifest does not include package.json or a lockfile. This is not malicious by itself, but dependency provenance and pinning are unclear.
const { v4: uuidv4 } = require('uuid');

Recommendation: Publish a package.json and lockfile, declare Node/npm requirements in metadata, and document pinned installation steps.