security-scanner

Detects vulnerabilities and malware in code, providing risk assessments and actionable recommendations for secure installations.

Security score: 0/100

The security-scanner skill was audited on Feb 9, 2026 and we found 29 security issues across 5 threat categories, including 7 critical. Review the findings below before installing.

Security Issues

critical line 45

Direct command execution function call

Source: SKILL.md
45: - `exec()` - Command execution
critical line 73

Direct command execution function call

Source: SKILL.md
73: - ✗ `exec()`
critical line 189

Direct command execution function call

Source: SKILL.md
189: ### eval() / exec()
high line 29

Eval function call - arbitrary code execution

Source: SKILL.md
29: security-scanner --code "eval(userInput)"
critical line 44

Eval function call - arbitrary code execution

Source: SKILL.md
44: - `eval()` - Arbitrary code execution
critical line 72

Eval function call - arbitrary code execution

Source: SKILL.md
72: - ✗ `eval()`
critical line 189

Eval function call - arbitrary code execution

Source: SKILL.md
189: ### eval() / exec()
critical line 190

Eval function call - arbitrary code execution

Source: SKILL.md
190: **Finding:** "eval() allows arbitrary code execution"
high line 285

Eval function call - arbitrary code execution

Source: SKILL.md
285: security-scanner --code "eval(userInput)"
medium line 55

Node child_process module reference

Source: SKILL.md
55: - `child_process` calls (spawning external commands)
medium line 75

Node child_process module reference

Source: SKILL.md
75: - ⚠ `child_process` module imports
low line 110

Node child_process module reference

Source: SKILL.md
110: Line 42: [CAUTION] child_process allows spawning external commands
low line 111

Node child_process module reference

Source: SKILL.md
111: Code: require('child_process')
low line 112

Node child_process module reference

Source: SKILL.md
112: Context: const spawn = require('child_process').spawn;
medium line 198

Node child_process module reference

Source: SKILL.md
198: ### child_process Import
medium line 199

Node child_process module reference

Source: SKILL.md
199: **Finding:** "child_process allows spawning external commands"
low line 116

Fetch to external URL

Source: SKILL.md
116: Code: fetch('https://api.example.com/verify')
low line 117

Fetch to external URL

Source: SKILL.md
117: Context: return fetch('https://api.example.com/verify', {...})
medium line 236

Fetch to external URL

Source: SKILL.md
236: - ✅ `fetch('https://api.github.com/...')` → Normal
medium line 237

Fetch to external URL

Source: SKILL.md
237: - ❌ `fetch('https://malware-collection.ru/...')` → Dangerous
medium line 78

Access to .env file

Source: SKILL.md
78: - ✗ `process.env.SECRET`, `process.env.API_KEY`, etc.
medium line 79

Access to .env file

Source: SKILL.md
79: - ⚠ Dynamic environment variable access `process.env[varName]`
medium line 208

Access to .env file

Source: SKILL.md
208: ### process.env.API_KEY
high line 89

Hex-encoded characters

Source: SKILL.md
89: - ⚠ Hex-encoded strings (`\x41\x42\x43`)
low line 90

Unicode escape sequences

Source: SKILL.md
90: - ⚠ Unicode-encoded strings (`\u0041\u0042`)
low line 116

External URL reference

Source: SKILL.md
116: Code: fetch('https://api.example.com/verify')
low line 117

External URL reference

Source: SKILL.md
117: Context: return fetch('https://api.example.com/verify', {...})
low line 236

External URL reference

Source: SKILL.md
236: - ✅ `fetch('https://api.github.com/...')` → Normal
low line 237

External URL reference

Source: SKILL.md
237: - ❌ `fetch('https://malware-collection.ru/...')` → Dangerous
Scanned on Feb 9, 2026
GitHub Stars 2.2K
Category: development
Updated: April 10, 2026
openclaw/skills