Deno

AdvisoryAudited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI02: Tool Misuse and Exploitation

What this means

If an agent suggests a Deno command based on this skill, the permission flags determine which files, network hosts, commands, or environment variables the user's code can access.

Why it was flagged

The skill provides examples of running Deno programs with network, file-read, and environment-variable permissions. This is central to Deno guidance and the document explicitly recommends scoping, but these flags can materially affect what a user's program can access.

Skill content

deno run \
  --allow-net=0.0.0.0:8000,api.stripe.com \
  --allow-read=./public,./templates \
  --allow-env=STRIPE_KEY,DATABASE_URL \
  server.ts

Recommendation

Before running generated Deno commands, confirm that permission flags are limited to the specific paths, hosts, commands, and environment variables needed.