Skill Trust Decision

claw-body

Skill provides legitimate digital avatar functionality but uses undeclared shell execution via execSync for presentation parsing, creating a capability gap between documented and actual behavior.

Install decision first
Source: Manual upload
Scanned: Apr 3, 2026
Files 6
Artifacts 3
Violations 1
Findings 4
Most direct threat evidence
High
Undeclared shell execution via execSync

server.mjs uses child_process.execSync to execute python3 scripts for presentation parsing. This is not declared in SKILL.md metadata (which only lists 'node' as required binary).

server.mjs:305

Why this conclusion was reached

3/4 dimensions flagged
Block
Declared vs actual capability

1 undeclared or violating capability was inferred.

Block
Hidden execution and egress

1 high-risk artifact or egress signal was extracted.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 1 severe finding.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

What drove the risk score up

Undeclared shell execution +25

server.mjs uses child_process.execSync for presentation parsing, but the SKILL.md metadata declares only the 'node' binary and no shell execution.

Hardcoded demo API key +10

DEMO_CONFIG contains API key sk-ody1Xk9lw_..., but this is documented as a public demo key for the free trial; it is not user credential theft.

Sensitive path access +10

Reads ~/.openclaw/openclaw.json to check gateway config - declared in SKILL.md setup instructions

Most important evidence

High

Undeclared shell execution via execSync

server.mjs uses child_process.execSync to execute python3 scripts for presentation parsing. This is not declared in SKILL.md metadata (which only lists 'node' as required binary).

server.mjs:305
Declare shell:WRITE permission or document this behavior explicitly in SKILL.md
Medium

Demo API key present in source code

DEMO_CONFIG contains what appears to be a valid NuwaAI API key for free trial mode. Code comments state these are 'NuwaAI-issued public demo keys with limited quota, NOT user credentials.'

server.mjs:34
Confirm with NuwaAI that these are truly public demo keys with no associated cost or data exposure risk
Low

Permissive CORS configuration

Server sets Access-Control-Allow-Origin to '*' for local development. Acceptable for localhost-only service but worth noting.

server.mjs:135
Restrict to specific origins in production if deployed outside localhost
Low

Undeclared filesystem read access

Reads ~/.openclaw/openclaw.json for gateway token and config. While this is documented in SKILL.md setup instructions, it's not declared in metadata capability requirements.

server.mjs:18
Document filesystem:READ access for OpenClaw config in SKILL.md

Declared capability vs actual capability

Filesystem Pass
Declared NONE
Inferred READ
server.mjs:18 reads ~/.openclaw/openclaw.json
Filesystem Pass
Declared NONE
Inferred WRITE
server.mjs:56 writes .nuwa-config.json
Shell Block
Declared NONE
Inferred WRITE
server.mjs:305-308 execSync python3 for presentation parsing
Network Pass
Declared READ
Inferred READ
server.mjs:206-215 fetches nuwaai.com API

Suspicious artifacts and egress

High API Key
apiKey: "sk-ody1Xk9lw_vXkRWEPnaO8OwTFB9gbCnng2EWUl5jNbzolDSlFItc9DvWqrr6RLcL"

server.mjs:34

Medium External URL
https://nuwaai.com

SKILL.md:25

Medium External URL
https://api.nuwaai.com/web/apiKey/auth

server.mjs:215

Dependencies and supply chain

There are no structured dependency warnings.

File composition

6 files · 2739 lines
HTML 1 file · 1680 lines
JavaScript 3 files · 862 lines
Markdown 1 file · 192 lines
JSON 1 file · 5 lines
Files of concern · 2
server.mjs JavaScript · 579 lines
Undeclared shell execution via execSync · Demo API key present in source code · Permissive CORS configuration · Undeclared filesystem read access · apiKey: "sk-ody1Xk9lw_vXkRWEPnaO8OwTFB9gbCnng2EWUl5jNbzolDSlFItc9DvWqrr6RLcL" · https://api.nuwaai.com/web/apiKey/auth
SKILL.md Markdown · 192 lines
https://nuwaai.com
Other files · index.html · i18n.js · pcm-processor.js · _meta.json

Security positives

No evidence of credential harvesting or exfiltration
No base64-encoded or obfuscated malicious code patterns
No reverse shell, C2, or data theft indicators
Network requests are to legitimate NuwaAI service (documented and necessary)
Presentation parsing execSync is within documented feature scope
No hidden HTML comments or steganography detected
User API keys are stored in local config file, not hardcoded