ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Python Executor

Execute Python code in a safe sandboxed environment via [inference.sh](https://inference.sh). Pre-installed: NumPy, Pandas, Matplotlib, requests, BeautifulSo...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 4.9k · 56 current installs · 56 all-time installs
byÖmer Karışman@okaris
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise a remote Python sandbox with many preinstalled libs; the SKILL.md documents exactly that (how to call infsh app run infsh/python-executor, input schema, examples). There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
The instructions tell the agent (and users) to call the inference.sh CLI to run arbitrary Python code and return outputs from an outputs/ folder. That is within the described purpose, but it inherently permits executed code to make arbitrary network requests and produce arbitrary files — expected for a general code-execution service, but worth noting because user data/code will be sent to a third-party runtime.
Install Mechanism
The skill itself has no install spec (instruction-only). SKILL.md recommends installing the inference.sh CLI via a curl | sh installer and points to dist.inference.sh for binaries and checksums. This is coherent with using a third-party CLI, but running remote install scripts carries the usual supply-chain risk; the SKILL.md claims checksum verification is available.
Credentials
No environment variables, credentials, or config paths are required by the skill metadata. The SKILL.md suggests using 'infsh login' which implies optional authentication for the CLI, but that credential is not declared as required by the skill (reasonable for a generic client).
Persistence & Privilege
The skill is not forced always-on (always:false) and uses default autonomous-invocation behavior. It does not request system-level persistence or modify other skills' configs according to the provided metadata.
Assessment
This skill delegates execution to a third-party service (inference.sh) that will run arbitrary Python code you send and return files from its outputs/ folder. That behavior matches the description, but consider these points before installing/using: (1) Avoid sending sensitive data, secrets, or private credentials as part of code or inputs because they will be transmitted to the remote runtime. (2) The SKILL.md recommends installing the CLI with a curl | sh installer — only run installers you trust and verify SHA-256 checksums from the provider. (3) Running code there can perform network requests (examples call external APIs and scrape websites); review any code you send for unintended exfiltration. (4) If you expect to authenticate the CLI (infsh login), treat those credentials like any other third-party API tokens and store them securely. Overall the skill is internally consistent with its stated purpose, but exercise normal caution when executing or uploading sensitive code/data to a remote sandbox.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.5
Download zip
latestvk972sp4ky4egkmqnvzpf0eznb581c1r9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Python Code Executor

Execute Python code in a safe, sandboxed environment with 100+ pre-installed libraries.

Python Code Executor

Quick Start

curl -fsSL https://cli.inference.sh | sh && infsh login

# Run Python code
infsh app run infsh/python-executor --input '{
  "code": "import pandas as pd\nprint(pd.__version__)"
}'

Install note: The install script only detects your OS/architecture, downloads the matching binary from dist.inference.sh, and verifies its SHA-256 checksum. No elevated permissions or background processes. Manual install & verification available.

App Details

PropertyValue
App IDinfsh/python-executor
EnvironmentPython 3.10, CPU-only
RAM8GB (default) / 16GB (high_memory)
Timeout1-300 seconds (default: 30)

Input Schema

{
  "code": "print('Hello World!')",
  "timeout": 30,
  "capture_output": true,
  "working_dir": null
}

Pre-installed Libraries

Web Scraping & HTTP

  • requests, httpx, aiohttp - HTTP clients
  • beautifulsoup4, lxml - HTML/XML parsing
  • selenium, playwright - Browser automation
  • scrapy - Web scraping framework

Data Processing

  • numpy, pandas, scipy - Numerical computing
  • matplotlib, seaborn, plotly - Visualization

Image Processing

  • pillow, opencv-python-headless - Image manipulation
  • scikit-image, imageio - Image algorithms

Video & Audio

  • moviepy - Video editing
  • av (PyAV), ffmpeg-python - Video processing
  • pydub - Audio manipulation

3D Processing

  • trimesh, open3d - 3D mesh processing
  • numpy-stl, meshio, pyvista - 3D file formats

Documents & Graphics

  • svgwrite, cairosvg - SVG creation
  • reportlab, pypdf2 - PDF generation

Examples

Web Scraping

infsh app run infsh/python-executor --input '{
  "code": "import requests\nfrom bs4 import BeautifulSoup\n\nresponse = requests.get(\"https://example.com\")\nsoup = BeautifulSoup(response.content, \"html.parser\")\nprint(soup.find(\"title\").text)"
}'

Data Analysis with Visualization

infsh app run infsh/python-executor --input '{
  "code": "import pandas as pd\nimport matplotlib.pyplot as plt\n\ndata = {\"name\": [\"Alice\", \"Bob\"], \"sales\": [100, 150]}\ndf = pd.DataFrame(data)\n\nplt.bar(df[\"name\"], df[\"sales\"])\nplt.savefig(\"outputs/chart.png\")\nprint(\"Chart saved!\")"
}'

Image Processing

infsh app run infsh/python-executor --input '{
  "code": "from PIL import Image\nimport numpy as np\n\n# Create gradient image\narr = np.linspace(0, 255, 256*256, dtype=np.uint8).reshape(256, 256)\nimg = Image.fromarray(arr, mode=\"L\")\nimg.save(\"outputs/gradient.png\")\nprint(\"Image created!\")"
}'

Video Creation

infsh app run infsh/python-executor --input '{
  "code": "from moviepy.editor import ColorClip, TextClip, CompositeVideoClip\n\nclip = ColorClip(size=(640, 480), color=(0, 100, 200), duration=3)\ntxt = TextClip(\"Hello!\", fontsize=70, color=\"white\").set_position(\"center\").set_duration(3)\nvideo = CompositeVideoClip([clip, txt])\nvideo.write_videofile(\"outputs/hello.mp4\", fps=24)\nprint(\"Video created!\")",
  "timeout": 120
}'

3D Model Processing

infsh app run infsh/python-executor --input '{
  "code": "import trimesh\n\nsphere = trimesh.creation.icosphere(subdivisions=3, radius=1.0)\nsphere.export(\"outputs/sphere.stl\")\nprint(f\"Created sphere with {len(sphere.vertices)} vertices\")"
}'

API Calls

infsh app run infsh/python-executor --input '{
  "code": "import requests\nimport json\n\nresponse = requests.get(\"https://api.github.com/users/octocat\")\ndata = response.json()\nprint(json.dumps(data, indent=2))"
}'

File Output

Files saved to outputs/ are automatically returned:

# These files will be in the response
plt.savefig('outputs/chart.png')
df.to_csv('outputs/data.csv')
video.write_videofile('outputs/video.mp4')
mesh.export('outputs/model.stl')

Variants

# Default (8GB RAM)
infsh app run infsh/python-executor --input input.json

# High memory (16GB RAM) for large datasets
infsh app run infsh/python-executor@high_memory --input input.json

Use Cases

  • Web scraping - Extract data from websites
  • Data analysis - Process and visualize datasets
  • Image manipulation - Resize, crop, composite images
  • Video creation - Generate videos with text overlays
  • 3D processing - Load, transform, export 3D models
  • API integration - Call external APIs
  • PDF generation - Create reports and documents
  • Automation - Run any Python script

Important Notes

  • CPU-only - No GPU/ML libraries (use dedicated AI apps for that)
  • Safe execution - Runs in isolated subprocess
  • Non-interactive - Use plt.savefig() not plt.show()
  • File detection - Output files are auto-detected and returned

Related Skills

# AI image generation (for ML-based images)
npx skills add inference-sh/skills@ai-image-generation

# AI video generation (for ML-based videos)
npx skills add inference-sh/skills@ai-video-generation

# LLM models (for text generation)
npx skills add inference-sh/skills@llm-models

Documentation

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…