ClawHub
Back to skill
v0.1.5

Python Executor

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:24 AM.

Analysis

This skill coherently provides a remote Python execution service, but users should notice that it relies on a third-party CLI/account and can run broad Python code with network access.

GuidanceInstall only if you trust inference.sh, verify the CLI installer/checksum, and review any Python code that will run—especially code involving private data, API calls, or generated files.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
curl -fsSL https://cli.inference.sh | sh && infsh login

The documented setup installs a CLI by piping a remote script into a shell. This is disclosed and user-directed, but it depends on a remote installer outside the reviewed artifact.

User impactInstalling the CLI requires trusting inference.sh's installation script and downloaded binary.
RecommendationVerify the installer source and checksum, or use the documented manual installation path before logging in.
Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
SKILL.md
"code": "print('Hello World!')"

The input schema accepts arbitrary Python code for execution. This is the skill's stated purpose and is routed through the provider sandbox, but it remains a powerful capability.

User impactThe agent can submit generated Python code that may make web requests, process data, or create returned files.
RecommendationReview sensitive or high-impact code before running it, especially code that contacts external services or processes private data.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
infsh login

The skill requires or expects logging into the inference.sh CLI, so it will use a provider account/session even though registry metadata lists no primary credential.

User impactRuns may be associated with the user's inference.sh account and any account limits, billing, or permissions tied to that login.
RecommendationUse an account appropriate for this purpose and understand what permissions or charges the infsh CLI session may have.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
Execute Python code in a safe sandboxed environment via [inference.sh](https://inference.sh)

The execution environment is provided by an external service, so submitted code, inputs, and outputs cross a provider boundary.

User impactPrivate data included in code, inputs, API responses, or generated output files may be processed by the external provider.
RecommendationAvoid sending secrets or sensitive datasets unless the provider's privacy, retention, and security terms are acceptable.