Render Env Guard
Security checks across malware telemetry and agentic risk
Overview
The skill has a clear Render env-checking purpose, but its script appears to accidentally feed API responses into Python as code, which should be reviewed before use.
Review or patch the shell script before installing, especially the Python parsing commands. If you do use it, keep RENDER_API_BASE_URL pointed at the official Render API, use a least-privilege Render API key, and run it only in a trusted local or CI environment.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The command uses `python3 -`, so Python reads its program from stdin, but the same line also applies a later here-string from `$services_json` to stdin. Bash applies redirections left to right, so the last one wins: the API response is treated as the Python program rather than the intended here-doc parser code.
If the API response source is untrusted or the API base URL is changed, this pattern could allow remote content to run locally as Python, or at minimum make the checker fail unpredictably.
```bash
services_json="$(api_get "/services")"
matches="$(python3 - "$SERVICE_NAME" <<'PY' <<<"$services_json"
```
Fix the parser invocation before use, for example by passing JSON through an argument, temporary file, or environment variable while keeping the Python program in the here-doc; also keep the API base URL set to Render's official endpoint unless you fully trust the alternative.
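The redirection clash and the environment-variable fix suggested above, as an added bash example (not the skill's own script); the API response is a constructed inline stand-in, so api_get is never called:

```bash
#!/usr/bin/env bash
# Added example, not code from the Render Env Guard skill: reproduces the
# double stdin redirection described above against a constructed API response
# (no network; api_get is not called) and shows the environment-variable fix.

# Constructed stand-in for a Render /services response.
SERVICES_JSON='[{"service":{"name":"web-prod","id":"srv-aaa"}},{"service":{"name":"worker","id":"srv-bbb"}}]'

# Buggy pattern from the report. Bash applies redirections left to right, so
# the here-string replaces the here-doc on stdin: Python receives the JSON as
# its *program*, the parser code below is never executed, and nothing is
# printed. A response that happened to contain Python would be executed.
buggy_lookup() {
  local service_name="$1" services_json="$2"
  python3 - "$service_name" <<'PY' <<<"$services_json" 2>/dev/null
import json, sys
for item in json.load(sys.stdin):
    if item["service"]["name"] == sys.argv[1]:
        print(item["service"]["id"])
PY
}

# Fixed pattern: the program stays in the here-doc (the only stdin
# redirection) and the JSON travels in an environment variable scoped to this
# one command, so the response is only ever data passed to json.loads().
fixed_lookup() {
  local service_name="$1"
  SERVICES_PAYLOAD="$2" python3 - "$service_name" <<'PY'
import json, os, sys
for item in json.loads(os.environ["SERVICES_PAYLOAD"]):
    if item["service"]["name"] == sys.argv[1]:
        print(item["service"]["id"])
PY
}

printf 'buggy lookup: [%s]\n' "$(buggy_lookup web-prod "$SERVICES_JSON")"
printf 'fixed lookup: [%s]\n' "$(fixed_lookup web-prod "$SERVICES_JSON")"
```

The buggy lookup prints an empty match even though the service exists, which is the "fails unpredictably" case; the fixed lookup returns the id.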
The skill can read Render service environment-variable records, which may include secrets, although the script only prints PASS/FAIL for the selected keys.
The script authenticates to Render with a bearer API key to query account/service data. This is expected for the stated purpose, but it is still privileged cloud-account access.
```bash
TOKEN="${RENDER_API_KEY:-}"
curl -fsSL \
  -H "Authorization: Bearer ${TOKEN}"
```
Use a Render API key with the minimum necessary access, run it only for the intended service, and avoid exposing the token in shared logs or untrusted CI environments.
