Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claude Code Runner

v0.1.0

Execute programming tasks via Claude Code using PTY-based invocation. Handles non-TTY environments, auto-responds to prompts, and manages file synchronization.

by holenlin @lhl09120
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description match the included script: PTY execution, auto-respond, file sync, and user switching. Minor metadata mismatch: registry metadata lists no required binaries, but documentation and clawhub.json require the 'claude' tool to be installed and in PATH.
Instruction Scope
Runtime instructions and the script operate on arbitrary project directories, copy them to a temp dir, change ownership, run a shell command that includes the user-supplied prompt, and sync modifications back — all expected for this use case but risky. Critically, the command is built into a single shell -c string with the raw prompt interpolated (f'... claude --print "{prompt}" ...'), enabling shell injection if the prompt or path contains special characters. The skill also requires root/sudo to chown and switch users, so a malicious or malformed prompt could execute arbitrary commands as the target user.
Install Mechanism
Instruction-only skill (no install spec). SKILL.md instructs cloning a GitHub repo and marking the script executable — standard for an instruction-only package. No downloads from unknown hosts or archives are present in the registry metadata.
Credentials
No required environment variables or credentials are declared. Optional env vars (CLAUDE_CODE_USER, CLAUDE_CODE_TIMEOUT) are documented but not required. The need for root/sudo to change ownership and perform user switching is legitimate given the feature set, but requesting that privilege increases risk and should be minimized.
Persistence & Privilege
Skill does not request persistent installation or always:true. It needs elevated privileges at runtime (root/sudo) to perform chown and su operations, which is a normal requirement for user-switching but raises risk if run on sensitive systems.
What to consider before installing
This skill is coherent with its stated purpose (running Claude in a PTY and syncing changes), but it contains a high-risk programming error: the script builds a shell command by interpolating the user-provided prompt directly into su -c "...". That makes it possible for specially crafted prompts or paths to execute arbitrary shell commands as the target user. Before installing or running this skill: (1) review the scripts locally — do not run it on production hosts; (2) run it in an isolated container or VM with no sensitive data and minimal privileges; (3) if you plan to use it, patch the script to avoid shell interpolation (use subprocess with an argument list, avoid shell=True/su -c with unescaped data, safely escape paths/prompts); (4) avoid running it as root when possible — run with least privilege and a dedicated user; (5) verify the origin of the repository (the SKILL.md recommends cloning from GitHub but the registry source is unknown). Because of the shell-injection risk and the file-write privileges, treat this skill as suspicious until the unsafe command construction is fixed.

Like a lobster shell, security has layers — review code before you run it.
