AI Image Generator & Splitter

Advisory

Audited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.env_credential_access (+1 more)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the local service is reachable or misused, files from arbitrary local paths could be sent to the external upload service, not just images the user intentionally selected.

Why it was flagged

The upload service is not limited to browser-selected images; it accepts local absolute paths, reads the file from disk, and uploads the content to the configured provider using a platform token.

Skill content

Supports multiple input formats... 2. Local absolute path - reads the file from disk and uploads it ... const buffer = fs.readFileSync(filePath); ... axios.post(config.server.upload_url, formData, { headers: { 'Authorization': `Bearer ${platformToken}`

Recommendation

Restrict uploads to explicit user-selected image files, validate MIME type and extension, block arbitrary absolute paths by default, and require a clear confirmation before any local file is uploaded.

What this means

A crafted request to the local service may be able to trigger operating-system command execution behavior, especially if command arguments are not safely escaped.

Why it was flagged

The open-folder endpoint takes a path from the HTTP request and the static scan shows it reaches child_process.exec, creating shell-execution risk around a user-controlled path.

Skill content

app.post('/api/open-folder', (req, res) => { ... const { path: folderPath } = req.body; ... fs.existsSync(folderPath) ... exec(command, (error) => {

Recommendation

Avoid shell exec for opening folders; use safer spawn/execFile APIs with argument arrays, restrict paths to the app’s generated image directory, and require local-only authenticated access.

What this means

Provider tokens can remain available to later requests while the server runs and may appear in local logs, increasing the impact of any misuse of the local API.

Why it was flagged

The service persists a request-supplied platform token in process.env and logs the full upload request object, which may include credentials or file data.

Skill content

const platformToken = data.platform_token || process.env.PLATFORM_TOKEN; ... if (data.platform_token) { process.env.PLATFORM_TOKEN = data.platform_token; } ... console.log(data)

Recommendation

Do not log request bodies containing tokens, store credentials in a scoped secret store instead of process.env, and clear or isolate credentials per user/session.

What this means

If attacker-controlled script text can enter the loaded UI content, it could run in the browser context and potentially access locally stored API keys.

Why it was flagged

The frontend dynamically executes text from the DOM, which is not necessary for the stated image-generation purpose and can magnify any HTML/script injection issue.

Skill content

eval($(this).text());

Recommendation

Remove eval and load trusted scripts through static files or explicit module imports; avoid executing script text extracted from HTML.

What this means

Installing later may pull dependency versions that were not the exact versions reviewed here.

Why it was flagged

The skill depends on standard Node packages for its purpose, but caret ranges and no included lockfile mean npm install may resolve different package versions over time.

Skill content

"dependencies": { "axios": "^1.13.6", "cors": "^2.8.6", "express": "^5.2.1", "form-data": "^4.0.0", "sharp": "^0.34.5", "sqlite3": "^6.0.1" }

Recommendation

Use a lockfile or pinned dependency versions and install only from trusted package registries.

Findings (11)

critical
suspicious.dangerous_exec
Location: server/index.js:381
Finding: Shell command execution detected (child_process).

critical
suspicious.dynamic_code_execution
Location: public/js/win.js:94
Finding: Dynamic code execution detected.

critical
suspicious.env_credential_access
Location: server/index.js:24
Finding: Environment variable access combined with network send.

critical
suspicious.env_credential_access
Location: server/services/request.js:188
Finding: Environment variable access combined with network send.

critical
suspicious.env_credential_access
Location: server/services/task.js:79
Finding: Environment variable access combined with network send.

critical
suspicious.env_credential_access
Location: server/services/upload.js:28
Finding: Environment variable access combined with network send.

critical
suspicious.exposed_secret_literal
Location: public/components/settings.html:46
Finding: File appears to expose a hardcoded API secret or token.

critical
suspicious.exposed_secret_literal
Location: public/components/task-detail.html:133
Finding: File appears to expose a hardcoded API secret or token.

critical
suspicious.exposed_secret_literal
Location: public/js/app.js:131
Finding: File appears to expose a hardcoded API secret or token.

critical
suspicious.exposed_secret_literal
Location: public/list.html:841
Finding: File appears to expose a hardcoded API secret or token.

critical
suspicious.exposed_secret_literal
Location: server/services/request.js:194
Finding: File appears to expose a hardcoded API secret or token.