suspicious.dangerous_exec
- Location: index.js:111
- Finding: Shell command execution detected (child_process).
Advisory
Audited by static analysis on May 10, 2026.
Detected: suspicious.dangerous_exec
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted text or option value could execute unintended local commands under the agent user's account instead of only generating speech.
The skill builds a shell command from user-provided text and options, including output path, voice, rate, volume, and pitch. Only double quotes in text are partially escaped, while other shell metacharacters and option values are not validated or passed as safe argument arrays.
const cmd = [ 'edge-tts', '--text', ..., '--write-media', outputFileName, '--voice', voice, '--rate', rate, '--volume', volume, '--pitch', pitch ].join(' '); ... await execAsync(cmd);
Replace exec with execFile/spawn using an argument array, validate voice/rate/volume/pitch with strict allowlists, and constrain output paths to the skill's temp directory.
On Windows, a specially crafted file path could alter the PowerShell command used for playback.
The play action accepts params.filePath and embeds it into a PowerShell command string. Even though spawn is used, the -c argument is a script that PowerShell parses, so the supplied path is still interpreted as part of that script.
player = 'powershell'; playerArgs = ['-c', `(New-Object Media.SoundPlayer ...${filePath}...).PlaySync();`];
Avoid building PowerShell script strings from file paths; use a safer playback API or pass paths via non-interpreted parameters with strict validation.
Installing the skill dependency may download and run package code from the Python package ecosystem.
The skill can install an external Python package at runtime. This is disclosed in the docs and aligned with the TTS purpose, but it is not pinned to a specific version and the registry install spec is empty.
await execAsync('pip3 install edge-tts');
Review the edge-tts package source/provenance, pin a known-good version, and prefer a declared install spec over an ad hoc install action.
Sensitive text provided for speech may be handled by the TTS provider/tool rather than staying only in the agent's local prompt.
The text to be spoken is processed through the Edge TTS engine/tool. This is central to the skill and disclosed, but it means users should consider where sensitive text is processed.
Text-to-speech conversion using Microsoft Edge's TTS engine
Do not send secrets or private content to TTS unless you are comfortable with the provider/tool processing it; document the data flow clearly.
A cleanup request could remove unrelated old audio files if they are stored in the same temp directory.
The cleanup action deletes any old mp3, wav, or ogg file in the temp directory, not only files with the skill's tts_ prefix.
const files = fs.readdirSync(tempDir); ... file.match(/\.(mp3|wav|ogg)$/) ... fs.unlinkSync(filePath);
Limit cleanup to files created by this skill, for example by using a dedicated subdirectory or a strict filename prefix.