Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Code Executor
v1.0.0
Safe code execution in sandboxed environments. Supports Python, JavaScript, Bash, and more with resource limits and timeout controls.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims sandboxed multi-language code execution with resource/network/file isolation, but there are no code files, no install spec, and no declared runtime binaries. The usage examples call python3 scripts/execute.py, yet the repository contains no scripts and the required binaries list is empty. These gaps do not align with the stated purpose.
Instruction Scope
SKILL.md instructs running a local script (python3 scripts/execute.py) with options to execute arbitrary user code and read files (e.g., --file ./script.py). It therefore expects filesystem access and a local executor binary, but provides no guidance about how the executor is supplied or how sandboxing/isolation is enforced. That leaves broad discretion and potential for executing arbitrary code without demonstrated containment.
Install Mechanism
There is no install specification and no code files. Instruction-only skills are low-risk when they rely on already-present, declared tooling; here the documentation depends on a script that does not exist and no mechanism to obtain it is provided. This is an incoherence (missing artifact), not a safe-by-design implementation.
Credentials
The skill declares no environment variables or credentials, which is proportionate. However, it uses python3 and implies other runtimes (node, ruby, go) in examples without declaring required binaries or toolchain. Lack of declared binaries is a mismatch and should be addressed.
Persistence & Privilege
Defaults are used (always: false, model invocation allowed). There's no request for permanent presence or modification of other skills. Autonomous invocation is allowed but not combined with other privileged requests in this metadata.
What to consider before installing
Do not install or run this skill as-is. The SKILL.md references a local executable (scripts/execute.py) and multiple runtimes but the package contains no code or install instructions — that means the skill cannot actually provide the sandbox and could cause unexpected behavior if a similarly named script exists in your environment. Ask the author for: (1) the executor source code or a trusted install URL (e.g., GitHub release), (2) a clear description of the sandboxing mechanism (Docker, firejail, gVisor, OS-level seccomp/cgroups) and how network/file access is restricted, and (3) a declared list of required binaries (python3, node, docker, etc.). If you must test, run it in a fully isolated environment (disposable VM or container) and verify the executor code before giving it access to sensitive files or credentials. If the author provides a trusted repository or a proper install spec and the executor code shows robust sandboxing, the assessment could move to benign.
Like a lobster shell, security has layers — review code before you run it.
