代码自动运行和修复
v1.0.0自动运行并调试 Python、C 和 x86_64 汇编代码,错误时自动修复并返回可执行版本。
⭐ 0· 53·0 current·0 all-time
by@zyk-404
MIT-0
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill implements running and repairing Python, C, and x86_64 assembly by writing temp files, invoking python3, gcc, nasm, ld, linking and executing binaries — this is consistent with the stated purpose. However, the registry metadata claims no required system binaries while the code clearly depends on python3, gcc, nasm, ld (and a working linker). The missing declaration of these runtime dependencies is an incoherence and should be corrected.
Instruction Scope
SKILL.md and the code instruct the agent to accept arbitrary user code, execute it, capture errors, call clawhub.llm to produce fixed code, then execute again. The instructions do not mention any sandboxing, I/O/network restrictions, or resource limits beyond a default subprocess timeout. Running arbitrary compiled code on the host can access files, network, and other resources — the scope is broader than the SKILL.md documents (no safety/sandbox guidance).
Install Mechanism
There is no install spec (instruction-only/MCP script) which reduces installation risk. requirements.txt lists mcp[server] and clawhub — expected for an MCP skill that calls clawhub.llm. No downloads from external URLs or archive extraction are present. Still, the skill will rely on host-provided native tools (gcc, nasm, ld, python3) at runtime, which are not declared in the registry metadata.
Credentials
The skill does not request any environment variables or external credentials in requires.env, which is proportionate. It calls clawhub.llm.generate — likely relying on the platform's internal LLM bindings rather than explicit API keys, which can be acceptable but should be documented. There are no declared secrets, but the skill's runtime behavior (executing arbitrary code) creates high potential for data exposure even without explicit credential requests.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It registers three tools via an MCP server and runs as a normal skill process. It does write temporary files and deletes them; it does not modify other skills or global agent config.
What to consider before installing
This skill does what it says (runs and auto-fixes code), but be cautious: it executes arbitrary user-supplied programs (compiled C/assembly and Python) on the host. Before installing, consider: 1) Only run this in an isolated, sandboxed environment (container/VM) because binaries could read files, access network, or perform malicious actions. 2) Require the registry metadata to list required system binaries (python3, gcc, nasm, ld) so you can ensure they exist in the sandbox. 3) Ask the publisher to document any resource limits (timeouts, memory), the exact behavior of clawhub.llm.generate, and whether the platform enforces sandboxing. 4) If you cannot guarantee isolation, do not install or invoke this skill with untrusted code. The mismatch between declared dependencies and actual runtime requirements is the main incoherence here.Like a lobster shell, security has layers — review code before you run it.
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
代码自动执行与修复 Skill
功能介绍
支持自动运行 Python / C / 汇编代码,捕获报错后使用龙虾平台内置 LLM 自动修复,并直接返回修复后的完整代码,实现代码运行-报错-修复-更新全自动化闭环。
支持语言
- Python
- C 语言
- x86_64 汇编
提供工具
- run_python:执行并自动修复 Python 代码
- run_c:编译、执行并自动修复 C 代码
- run_assembly:汇编、链接、执行并自动修复 x86_64 汇编代码
使用说明
用户传入代码 → 自动运行 → 捕获错误 → 龙虾 LLM 修复 → 返回最终可运行代码
Files
4 totalSelect a file
Select a file to preview.
Comments
Loading comments…