ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Python Executor

v0.1.5

Execute Python code in a safe sandboxed environment via [inference.sh](https://inference.sh). Pre-installed: NumPy, Pandas, Matplotlib, requests, BeautifulSo...

3· 6.5k·81 current·81 all-time
byÖmer Karışman@okaris
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise a remote Python sandbox with many preinstalled libs; the SKILL.md documents exactly that (how to call infsh app run infsh/python-executor, input schema, examples). There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
The instructions tell the agent (and users) to call the inference.sh CLI to run arbitrary Python code and return outputs from an outputs/ folder. That is within the described purpose, but it inherently permits executed code to make arbitrary network requests and produce arbitrary files — expected for a general code-execution service, but worth noting because user data/code will be sent to a third-party runtime.
Install Mechanism
The skill itself has no install spec (instruction-only). SKILL.md recommends installing the inference.sh CLI via a curl | sh installer and points to dist.inference.sh for binaries and checksums. This is coherent with using a third-party CLI, but running remote install scripts carries the usual supply-chain risk; the SKILL.md claims checksum verification is available.
Credentials
No environment variables, credentials, or config paths are required by the skill metadata. The SKILL.md suggests using 'infsh login' which implies optional authentication for the CLI, but that credential is not declared as required by the skill (reasonable for a generic client).
Persistence & Privilege
The skill is not forced always-on (always:false) and uses default autonomous-invocation behavior. It does not request system-level persistence or modify other skills' configs according to the provided metadata.
Assessment
This skill delegates execution to a third-party service (inference.sh) that will run arbitrary Python code you send and return files from its outputs/ folder. That behavior matches the description, but consider these points before installing/using: (1) Avoid sending sensitive data, secrets, or private credentials as part of code or inputs because they will be transmitted to the remote runtime. (2) The SKILL.md recommends installing the CLI with a curl | sh installer — only run installers you trust and verify SHA-256 checksums from the provider. (3) Running code there can perform network requests (examples call external APIs and scrape websites); review any code you send for unintended exfiltration. (4) If you expect to authenticate the CLI (infsh login), treat those credentials like any other third-party API tokens and store them securely. Overall the skill is internally consistent with its stated purpose, but exercise normal caution when executing or uploading sensitive code/data to a remote sandbox.

Like a lobster shell, security has layers — review code before you run it.

latestvk972sp4ky4egkmqnvzpf0eznb581c1r9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments