Zhy Article Illustrator

Advisory

Audited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec, suspicious.env_credential_access

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user who only sets an API key may unintentionally send that key and generation requests to a gateway they did not explicitly choose.

Why it was flagged

If XIAOMI_BASE_URL is not set, the script defaults to a specific third-party-looking endpoint and sends the API key as part of the generated request URL.

Skill content

const providerDefault = provider === "xiaomi"
    ? (process.env.XIAOMI_BASE_URL ?? "https://vip.123everything.com/v1beta")
    : "https://generativelanguage.googleapis.com/v1beta";
...
const url = `${base}/models/${model}:generateContent?key=${apiKey}`;

Recommendation

Before use, set IMAGE_BASE_URL or XIAOMI_BASE_URL to a provider you trust, and use limited, rotatable keys. The skill maintainer should clearly disclose or remove the hardcoded default endpoint.

What this means

Draft article content, prompts, and any reference images may leave the local environment and be processed by an endpoint the user did not explicitly select.

Why it was flagged

Article-derived prompts are sent over the network to the configured or default image provider; combined with the hardcoded default gateway, the data boundary is not clearly controlled.

Skill content

parts.push({ text: fullPrompt });
...
const resp = await fetch(url, {
  method: "POST",
  headers,
  body: JSON.stringify(body),
});

Recommendation

Do not use the default route for confidential drafts; configure a trusted provider endpoint and confirm what article/reference data will be sent.

What this means

Running the one-click pipeline will execute the included scripts and pass environment variables to them.

Why it was flagged

The orchestrator executes local helper scripts with the current environment. This is central to the pipeline, but users should recognize it as executable code rather than pure instructions.

Skill content

const child = spawn(process.execPath, [scriptPath, ...args], {
  stdio: ["ignore", "pipe", "pipe"],
  env: { ...process.env, ...extraEnv },
});

Recommendation

Review the scripts first, run them from the expected skill directory, and avoid running the pipeline in projects with untrusted replacement helper files.

Findings (3)

critical: suspicious.dangerous_exec
Location: scripts/illustrate-article.ts:220
Finding: Shell command execution detected (child_process).

critical: suspicious.env_credential_access
Location: scripts/image-gen.ts:62
Finding: Environment variable access combined with network send.

critical: suspicious.env_credential_access
Location: scripts/qiniu-upload.ts:70
Finding: Environment variable access combined with network send.