Deno
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: deno Version: 1.0.0 The OpenClaw AgentSkills bundle for Deno is benign. It consists entirely of documentation (`SKILL.md`, `imports.md`, `node-compat.md`, `permissions.md`) providing educational content, best practices, and warnings about common pitfalls and security risks when working with the Deno runtime. Crucially, sections discussing security vulnerabilities (e.g., 'Permission Traps' in `SKILL.md`, 'Permission Combinations' in `permissions.md`) are framed as warnings and educational material to help users *avoid* insecure configurations, rather than instructions for the AI agent to perform malicious actions or exploit vulnerabilities. There is no evidence of prompt injection, data exfiltration, malicious execution, persistence mechanisms, or obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent suggests a Deno command based on this skill, the permission flags determine which files, network hosts, commands, or environment variables the user's code can access.
The skill provides examples of running Deno programs with network, file-read, and environment-variable permissions. This is central to Deno guidance and the document explicitly recommends scoping, but these flags can materially affect what a user's program can access.
deno run \ --allow-net=0.0.0.0:8000,api.stripe.com \ --allow-read=./public,./templates \ --allow-env=STRIPE_KEY,DATABASE_URL \ server.ts
Before running generated Deno commands, confirm that permission flags are limited to the specific paths, hosts, commands, and environment variables needed.