Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Run

The universal execution primitive for AI agents. A secure, sandboxed environment designed to compile, execute, and manage code, scripts, and automated workfl...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 224 · 2 current installs · 2 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description match the SKILL.md: this is intended as a universal execution primitive. However, the document claims hardware-level sandboxing (gVisor/Firecracker), network isolation, biometric confirmations, and deployment to cloud-edge nodes while the skill is instruction-only and requests no binaries, installs, or credentials. Those runtime capabilities would require privileged host components and install steps that are not declared — a mismatch between claims and what the skill actually requires/provides.
Instruction Scope
The instructions grant broad, open-ended authority: 'execute' arbitrary code snippets with auto-dependency injection, 'automate' long-running jobs, and 'deploy' to production/edge. The SKILL.md is high-level and lacks concrete, enforceable steps for how sandboxing, network whitelisting, or biometric confirmations are implemented. Vague guidance like this gives the agent wide discretion to run or schedule arbitrary code without clear, auditable constraints.
Install Mechanism
There is no install spec or code — instruction-only. That is lowest-risk from a supply-chain perspective, but it also means the file is purely a policy/behavior description and cannot actually provide the claimed sandboxing or system-level protections. The absence of an implementation is itself a security and trust problem.
Credentials
The skill declares no required environment variables, binaries, or config paths, which on the surface is proportionate. However, its stated capabilities (deploying to cloud-edge, integrating hardware sandboxes) typically require credentials, host agents, or binaries; their absence is an unexplained inconsistency.
Persistence & Privilege
`always` is false (good), but model invocation is allowed (the default). Because the SKILL.md authorizes running arbitrary code and scheduling automated tasks, allowing autonomous invocation increases risk: an agent could trigger executions without clear, enforceable controls. The combination of vague execution authority and autonomous invocation is concerning.
What to consider before installing
This SKILL.md reads like a high-level specification rather than an implemented, reviewable feature. Before installing, ask the publisher for: (1) implementation code or an install spec showing how sandboxing, network isolation, and biometric confirmation are enforced; (2) a list of required host binaries, services, and credentials (e.g., gVisor, Firecracker, cloud keys) and why each is needed; (3) an access-control and audit plan (how executions are logged, who can approve high-risk actions, how whitelists are managed); (4) provenance (who operates the runtime and where it runs). If you cannot review an implementation, avoid enabling autonomous invocation for this skill and prefer manual invocation only. Treat this skill as potentially dangerous until its concrete implementation and least-privilege controls are provided and reviewed.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
Tags (all at vk97bvrqkrzdw2papbty5d6dnwx82hafa): automation, code, compute, execute, latest, run

SKILL.md

# Run: The Execution Layer

## Philosophy

Thinking without acting is hallucination. Acting without a secure environment is a risk. Run provides the standardized, sandboxed interface where an agent's plans become reality. It is the final step in the "Think-Plan-Execute" cycle.


## Execution Engine Specs
```
{
  "runtime":     "Polyglot support (Python, JS, Rust, Bash, SQL)",
  "security":    "Strict hardware-level sandboxing (gVisor/Firecracker)",
  "state":       "Ephemeral or Persistent session management",
  "concurrency": "Parallel task execution with dependency resolution"
}
```

---

## Core Primitives
```
FUNCTIONS = {
  "execute": {
    "scope":   "Run arbitrary code snippets with auto-dependency injection",
    "trigger": "Run this script"
  },
  "automate": {
    "scope":   "Long-running cron jobs and event-driven triggers",
    "trigger": "Run this every Monday at 9AM"
  },
  "deploy": {
    "scope":   "Instant deployment of local logic to cloud-edge nodes",
    "trigger": "Run this in production"
  }
}
```

---

## Safety & Governance
1. **Resource Capping**: Prevents infinite loops and CPU/Memory exhaustion.
2. **Network Isolation**: Blocks unauthorized outbound requests unless whitelisted.
3. **Human-in-the-loop**: High-risk commands (e.g., `rm -rf`) require explicit biometric confirmation.

---

## Use Cases
- **Data Science**: "Run a regression analysis on this CSV and output the chart."
- **Web Scraping**: "Run a scan of these 50 URLs and extract the pricing data."
- **System Admin**: "Run the cleanup script if disk usage exceeds 80%."
---
