AI Dev Runtime
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: ai-dev-runtime Version: 0.5.0 The skill bundle defines high-risk capabilities including arbitrary terminal command execution (run_terminal), file system modification (edit, apply_patch), and reading local files (read_file) via a local HTTP server (defaulting to localhost:8000). While these tools are aligned with the stated purpose of an 'AI Dev Runtime' in SKILL.md, the broad permissions granted to the AI agent to execute shell commands and access the file system represent a significant attack surface for potential abuse or accidental damage, fitting the criteria for suspicious risky capabilities.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked too broadly, the agent could change project files or run local commands with effects beyond the intended coding task.
The skill explicitly exposes file mutation, patching, terminal execution, tests, and batch coding workflows, but the artifact does not define command/path limits or approval gates.
read_file, search, edit, edit_multi, apply_patch, find_references, call_hierarchy, run_terminal, run_tests ... Batch task execution (multi-step coding)
Use only in trusted repositories, request a plan and diff before edits, approve terminal commands explicitly, and prefer a sandbox or least-privileged environment.
The safety of the skill depends heavily on whatever AiDevRuntime server is running locally, which is outside the reviewed artifact set.
The skill depends on a separate command/local HTTP runtime, but the supplied artifacts include no code or install spec to verify that runtime before it receives edit and terminal tasks.
command-tool: ai_dev_runtime_command ... Set AI_DEV_RUNTIME_URL (default http://localhost:8000) and optionally AI_DEV_RUNTIME_API_KEY. Ensure AiDevRuntime HTTP server is running.
Install/run AiDevRuntime only from a verified source, pin versions where possible, and review the server’s permissions before connecting this skill to it.
Past memory entries could affect future code changes or reveal prior project details if memory is not scoped and reviewed.
The runtime is instructed to retrieve and reuse persistent memory snippets in future coding tasks, which can influence later edits and may contain sensitive or stale code context.
hybrid semantic+keyword search, learning memory ... use memory_search to find similar past fixes ... Pass the snippets as prior_memory so Runtime can use them.
Check where memory is stored, how it is cleared, and whether memory entries are scoped per project before enabling learning memory.
A runtime API key may grant access to local dev actions, so mishandling or over-scoping it could expose control of the runtime.
The skill supports an optional API key for the runtime, but the registry metadata does not declare required credentials or environment variables.
Set AI_DEV_RUNTIME_URL (default http://localhost:8000) and optionally AI_DEV_RUNTIME_API_KEY.
Use a scoped key if supported, avoid sharing it with unrelated tools, and do not point the runtime URL at an untrusted remote server.