CLI Anything
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill coherently helps inspect and adapt a local CLI-Anything repository, with documented local command and install steps but no hidden credential, network, or destructive behavior.
Before using the install or validation steps, confirm the local CLI-Anything checkout is trusted, review the selected harness code, and use an isolated Python environment when possible. Publishing or packaging should only happen after explicit user approval.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the local CLI-Anything repository or a harness inside it is modified or untrusted, the generated or installed CLI could behave unexpectedly.
The skill relies on a local checkout outside the skill package as its source of truth; this is central to the method, but users should ensure that checkout and any harness code are trusted before use.
The repository is expected at: `/root/.openclaw/workspace/CLI-Anything`
Use a trusted version-controlled checkout and review the specific harness before installing, running, or packaging it.
Running this kind of install can alter the local Python environment and may affect other tools if done outside an isolated environment.
The documented validation flow installs a local harness into the current machine Python environment; this is purpose-aligned, but it can execute setup/install code and persist environment changes.
python3 -m pip install --break-system-packages -e /root/.openclaw/workspace/CLI-Anything/gimp/agent-harness
Prefer a virtual environment for harness installation, avoid --break-system-packages unless intentionally accepted, and get user approval before modifying the Python environment.