First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
4
Score
100/100
Findings (4)
Detects execution of shell script files via bash/sh command or direct invocation
./install.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects git clone of repositories followed by execution of cloned content
git clone https://github.com/Eugene9D/openclaw-workspace-pro.git + cd openclaw-workspace-pro
./install.shReview the dependency tree for nested or transitive dependencies that introduce risk. Use tools like npm audit or pip-audit to identify known vulnerabilities in the dependency chain.
Likely FP if the flagged dependency is a standard, widely-used library with no known vulnerabilities at the time of scanning.
Detects execution of shell script files via bash/sh command or direct invocation
./install.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
./install.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.