Run
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill claims to provide a secure execution sandbox but gives broad instructions for arbitrary code execution, automation, and production deployment without any implementation or clear safeguards.
Review carefully before installing. This skill does not include an actual sandbox implementation, yet it encourages broad code execution, persistent automation, and production deployment. Only use it if you can independently verify the runtime, approval controls, network limits, and rollback protections.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed using available local tools, the agent could run unreviewed code or install dependencies in ways that affect the user’s machine or data.
The skill directs the agent toward arbitrary code execution and automatic dependency handling without showing any implementation, dependency provenance, sandbox boundary, or approval mechanism.
"scope": "Run arbitrary code snippets with auto-dependency injection"
Do not rely on this skill as a safe execution sandbox unless it ships a reviewed implementation with explicit execution, dependency, network, and file-system limits.
An agent could interpret this as permission to make high-impact production or cloud changes without enough user control.
The instructions include production deployment authority, but do not define target scope, credentials, approvals, rollback, audit, or containment.
"deploy": { "scope": "Instant deployment of local logic to cloud-edge nodes", "trigger": "Run this in production" }
Require explicit human approval, named deployment targets, reviewable diffs, rollback steps, and scoped credentials before any production action.
Automation could continue after the immediate request and perform actions later without the user noticing.
The skill describes persistent autonomous activity but does not define duration limits, cancellation, monitoring, or user consent requirements.
"automate": { "scope": "Long-running cron jobs and event-driven triggers" }
Only allow scheduled or event-driven work with explicit user opt-in, visible job listings, expiration times, and easy cancellation.
A user may over-trust the skill and allow dangerous execution because they believe sandboxing and biometric approval are enforced.
These strong safety claims are not backed by any provided code, install mechanism, required runtime, or capability declaration, making them potentially misleading.
"security": "Strict hardware-level sandboxing (gVisor/Firecracker)" ... "High-risk commands ... require explicit biometric confirmation."
Treat the safety claims as unverified until the skill provides auditable implementation artifacts and clear enforcement details.
