Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
RunBox — Paid Code Execution for AI Agents
v1.2.0Execute code in a remote, isolated Docker sandbox — paid autonomously with USDC on Stellar. Use when the user asks to run, execute, test, or benchmark code i...
⭐ 0· 15·0 current·0 all-time
bybuiltbymicheal@daraijaola
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description say 'paid remote code execution via Stellar'; the skill requires python3 and STELLAR_SECRET_KEY and includes scripts to perform an on-chain 0.01 USDC payment then POST code to a run endpoint — these requirements are consistent with the claimed purpose.
Instruction Scope
SKILL.md and the included script direct the agent to use the STELLAR_SECRET_KEY to autonomously pay a third-party endpoint (default IP 46.101.74.170) and then send arbitrary code to that server for execution. The instructions also tell the agent to 'invoke automatically' whenever a user asks to run code, creating potential for repeated charges and for arbitrary code and outputs to be sent to an external service. These behaviors are within the skill's stated function but carry financial and privacy implications that are not mitigated in the docs.
Install Mechanism
No remote binary downloads or obfuscated installers. It's instruction-only with Python scripts plus a requirements.txt and an inline 'pip install' command for well-known packages (stellar-sdk, requests, python-dotenv). That is proportionate to the Python client provided.
Credentials
Only STELLAR_SECRET_KEY is required (plus optional RUNBOX_ENDPOINT/STELLAR_NETWORK). Requesting the wallet secret is proportionate to performing on-chain payments, but the secret key grants full control of the wallet (can spend or transfer funds). This is a sensitive credential — supplying it to enable autonomous payments can result in loss of funds if abused.
Persistence & Privilege
always is false, no special install-time hooks or system-wide changes are requested, and the skill does not declare config paths or attempt to modify other skills. It does enable autonomous spending by design, which is a normal (but powerful) capability for a payment-based execution skill.
Scan Findings in Context
[NO_FINDINGS] expected: Pre-scan reports no injection signatures. The code makes network calls, constructs and submits Stellar transactions, and posts code to a remote HTTP API — these are expected for a pay-to-run remote execution client.
Assessment
This skill is internally consistent with its stated purpose, but it requires your full Stellar secret key and will autonomously pay ~0.01 USDC per session to a remote server (default: http://46.101.74.170:4001). Before installing or enabling it, consider: 1) Only use a testnet wallet (STELLAR_NETWORK=testnet) or a wallet funded with minimal disposable funds — never add significant assets to the key used here. 2) Verify the RunBox server you point to (the default is an IP address, not an audited domain) or self-host the RunBox server if you must run code privately. 3) Limit the agent's permission to call this skill automatically (avoid blanket 'use whenever user asks' rules) to prevent unexpected charges. 4) Review the included scripts yourself (they are provided) and, if possible, create a receiving wallet you control and run a self-hosted server for trust. 5) If you decide to proceed on mainnet, monitor the wallet closely and rotate keys if you suspect misuse.Like a lobster shell, security has layers — review code before you run it.
latestvk979449pg4fpwka7p28j9tf41x84mfpm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binspython3
EnvSTELLAR_SECRET_KEY