clawsec-scanner

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection risk by ingesting data from external vulnerability databases and scanning tool outputs and displaying it in conversation messages without delimiters or sanitization.
      • Ingestion points: scripts/scan_dependencies.mjs (audit tool output), scripts/query_cve_databases.mjs (OSV/NVD API responses), and scripts/sast_analyzer.mjs (Semgrep/Bandit output).
      • Boundary markers: Absent in the reporting logic within lib/report.mjs and the hook handler in hooks/clawsec-scanner-hook/handler.ts.
      • Capability inventory: The skill can execute subprocesses via spawn and execCommand defined in lib/utils.mjs.
      • Sanitization: External content is not sanitized or escaped before interpolation into system messages.
  • [COMMAND_EXECUTION]: The skill executes multiple system binaries and dynamically discovered scripts as part of its scanning functionality.
      • Subprocess Execution: Uses spawn with argument arrays to invoke binaries like node, npm, python3, semgrep, and bandit, providing standard protection against shell injection.
      • Dynamic Code Execution: In scripts/dast_hook_executor.mjs, the skill transpiles and imports JavaScript/TypeScript code found in target directories to verify hook security. This execution of local code is a core DAST feature but involves a risk if the target directory contains malicious scripts.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch vulnerability data from well-known technology services.
      • Vulnerability Databases: Queries api.osv.dev and services.nvd.nist.gov for advisory data.
  • [REMOTE_CODE_EXECUTION]: The documentation in SKILL.md provides a manual installation script that downloads a ZIP archive from the author's GitHub repository (prompt-security/clawsec) and extracts it to the local system.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 02:50 AM