Csharp Dotnetcore Natasha
v3.3.0This skill should be used when developers need to create dynamic C# features at runtime, including dynamic class generation, dynamic method creation, accessi...
⭐ 0· 47·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the actual content: SKILL.md and referenced docs exclusively describe Natasha-based runtime C# compilation, dynamic class/delegate generation, load-context/domain management, and private-member access features. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
The instructions fully cover how to compile, load, and execute arbitrary C# code and explicitly show patterns for creating plugin systems and accessing private/internal members (via IgnoreAccessibility and ToAccessPrivateTree). This is expected for a dynamic-compilation skill, but it means the skill encourages actions (running user-supplied code and reaching into private state) that can expose secrets or escalate privileges if used on untrusted inputs.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute — lowest install risk. The SKILL.md recommends adding NuGet packages to the user's project (standard and proportional to the stated functionality).
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The examples reference writing a file-based using-code cache (Natasha.Namespace.cache) which is coherent for caching but should be considered when running in constrained or multi-tenant environments.
Persistence & Privilege
The skill is not always-enabled and does not request system-level or cross-skill configuration changes. It does recommend writing a file cache to disk in some modes, which is expected behavior for performance caching and not an elevated privilege by itself.
Assessment
This skill is coherent with its stated purpose (runtime C# compilation using Natasha), but it documents and encourages powerful operations: compiling and executing arbitrary code and accessing private/internal members of types. Before using or deploying this skill:
- Do not compile or execute untrusted user-supplied code inside sensitive processes. Treat dynamic scripts as untrusted input unless you fully control their source.
- Accessing private/internal members (IgnoreAccessibility / ToAccessPrivateTree) can expose secrets or internal state; restrict this to trusted code and consider code-review/auditing controls.
- When using file caching (WithFileUsingCache) be aware that cache files are written to disk (Natasha.Namespace.cache); ensure file locations and permissions are acceptable for your environment.
- Prefer sandboxing the runtime that executes compiled plugins (separate process, container, or restricted AppDomain/AssemblyLoadContext) to limit blast radius.
- No environment variables or credentials are requested by the skill, but you should still review any dynamically compiled code for accidental or deliberate exfiltration (file access, network calls, reflection).
If you need a higher-assurance assessment, provide the exact deployment scenario (where compiled code will run, who supplies plugin code, whether process-level isolation is available) and I can suggest concrete mitigation controls.Like a lobster shell, security has layers — review code before you run it.
latestvk97e2jrdvwtmm64fmhz5dpnb9x83w03g
License
MIT-0
Free to use, modify, and redistribute. No attribution required.