Code Executor
v1.0.0
Safe code execution in sandboxed environments. Supports Python, JavaScript, Bash, and more with resource limits and timeout controls.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims sandboxed multi-language code execution with resource/network/file isolation, but there are no code files, no install spec, and no declared runtime binaries. The usage examples call python3 scripts/execute.py, yet the repository contains no scripts and the required-binaries list is empty; these requirements do not align with the stated purpose.
Instruction Scope
SKILL.md instructs running a local script (python3 scripts/execute.py) with options to execute arbitrary user code and read files (e.g., --file ./script.py). It therefore expects filesystem access and a local executor binary, but provides no guidance about how the executor is supplied or how sandboxing/isolation is enforced. That leaves broad discretion and potential for executing arbitrary code without demonstrated containment.
Install Mechanism
There is no install specification and no code files. Instruction-only skills are low-risk when they rely on already-present, declared tooling; here the documentation depends on a script that does not exist and no mechanism to obtain it is provided. This is an incoherence (missing artifact), not a safe-by-design implementation.
Credentials
The skill declares no environment variables or credentials, which is proportionate. However, it uses python3 and implies other runtimes (node, ruby, go) in examples without declaring required binaries or toolchain. Lack of declared binaries is a mismatch and should be addressed.
Persistence & Privilege
Defaults are used (always: false, model invocation allowed). There's no request for permanent presence or modification of other skills. Autonomous invocation is allowed but not combined with other privileged requests in this metadata.
What to consider before installing
Do not install or run this skill as-is. The SKILL.md references a local executable (scripts/execute.py) and multiple runtimes but the package contains no code or install instructions — that means the skill cannot actually provide the sandbox and could cause unexpected behavior if a similarly named script exists in your environment. Ask the author for: (1) the executor source code or a trusted install URL (e.g., GitHub release), (2) a clear description of the sandboxing mechanism (Docker, firejail, gVisor, OS-level seccomp/cgroups) and how network/file access is restricted, and (3) a declared list of required binaries (python3, node, docker, etc.). If you must test, run it in a fully isolated environment (disposable VM or container) and verify the executor code before giving it access to sensitive files or credentials. If the author provides a trusted repository or a proper install spec and the executor code shows robust sandboxing, the assessment could move to benign.
Like a lobster shell, security has layers — review code before you run it.
latest
Code Executor
Execute code safely in sandboxed environments with resource limits.
When to Use
- User wants to run code snippets
- Test code before deployment
- Execute scripts with security constraints
- Run untrusted code safely
Features
- Multi-language support: Python, JavaScript, Bash, Ruby, Go
- Resource limits: CPU, memory, execution time
- Network isolation: Optional network access
- File system isolation: Temporary sandbox directory
Usage
Execute Python
python3 scripts/execute.py \
  --language python \
  --code "print('Hello, World!')" \
  --timeout 10
Execute from file
python3 scripts/execute.py \
  --language python \
  --file ./script.py \
  --timeout 30 \
  --memory 256
Execute JavaScript
python3 scripts/execute.py \
  --language javascript \
  --code "console.log(2 + 2)"
With input
python3 scripts/execute.py \
  --language python \
  --code "x = input(); print(f'You said: {x}')" \
  --input "Hello"
Output
{
  "success": true,
  "stdout": "Hello, World!\n",
  "stderr": "",
  "exit_code": 0,
  "execution_time_ms": 42
}
Safety
- Default timeout: 30 seconds
- Default memory limit: 512MB
- No network access by default
- Output limited to 1MB
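What enforcing the timeout, memory and output defaults listed above can look like at the OS level, as an added example; this is not the skill's code, which the package does not include. `run_limited` and its helpers are hypothetical names, and the sketch assumes Linux and runs Python only. rlimits and a timeout bound resource use but give no network or file system isolation, which needs the container, namespace or seccomp layer the scan asks about.

```python
import resource
import subprocess
import sys
import tempfile

# Defaults taken from the Safety list above.
TIMEOUT_S, MEMORY_MB, MAX_OUTPUT = 30, 512, 1024 * 1024


def _cap(which, value):
    """Lower one rlimit, never asking for more than the current hard limit."""
    hard = resource.getrlimit(which)[1]
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(which, (value, value))


def _apply_limits(timeout_s, memory_mb):
    """Runs in the child between fork and exec."""
    _cap(resource.RLIMIT_AS, memory_mb * 1024 * 1024)  # address space
    _cap(resource.RLIMIT_CPU, timeout_s)               # CPU seconds
    _cap(resource.RLIMIT_FSIZE, MAX_OUTPUT)            # bytes per written file


def run_limited(code, stdin_text="", timeout_s=TIMEOUT_S, memory_mb=MEMORY_MB):
    """Run Python source in a child process (hypothetical helper); return a result dict."""
    with tempfile.TemporaryDirectory() as workdir, \
            tempfile.TemporaryFile() as out, tempfile.TemporaryFile() as err:
        try:
            exit_code = subprocess.run(
                [sys.executable, "-I", "-c", code],  # -I: ignore env vars and user site
                input=stdin_text.encode(), stdout=out, stderr=err,
                cwd=workdir,        # throwaway working directory
                env={},             # caller's secrets are not inherited
                timeout=timeout_s,  # wall-clock limit; the child is killed on expiry
                preexec_fn=lambda: _apply_limits(timeout_s, memory_mb),
            ).returncode
        except subprocess.TimeoutExpired:
            exit_code = None  # killed by the wall-clock timeout
        out.seek(0)
        err.seek(0)
        return {
            "success": exit_code == 0,
            "stdout": out.read(MAX_OUTPUT).decode(errors="replace"),
            "stderr": err.read(MAX_OUTPUT).decode(errors="replace"),
            "exit_code": exit_code,
        }
```

When reviewing a real executor, look for the equivalent of each of these controls plus the isolation layer this sketch leaves out.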
