Description

When running Nuclei with template ID filters (e.g., -id tech-detect), warnings about failed variable expression evaluations appear for templates that are not being executed:

$ ./bin/nuclei -u https://scanme.sh -id tech-detect -vv -debug

[WRN] Failed to evaluate expression 'sha1(serial)': No parameter 'serial' found.
[WRN] Failed to evaluate expression 'replace(user, '.', '')': No parameter 'user' found.
[WRN] Failed to evaluate expression 'replace(user, '.', '')': No parameter 'user' found.

These warnings come from unrelated templates like:

• CVE-2023-6329.yaml
• tumblr.yaml
• smugmug.yaml

Root Cause:

The issue occurs during the WorkflowLoader initialization phase, where:

1. All templates are scanned during WorkflowLoader initialization to build an index for potential workflow references.
2. Variables are eagerly evaluated during YAML unmarshaling (UnmarshalYAML/UnmarshalJSON).
3. Evaluation happens with empty context (map[string]interface{}{}) at parse time.
4. Expressions fail when they reference runtime parameters that do NOT exist at parse time.

The current checkForLazyEval() only marks variables as lazy if they contain:

• Known runtime variables (Host, BaseURL, etc.).
• Special cases like interactsh-url.

It doesn't detect expressions that reference undefined parameters, causing eager eval to fail and produce warnings.