ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Safe Script Runner

v1.0.0

Forces the AI to use a "temporary file + environment variable isolation" workflow for script execution, completely resolving terminal freezes and escaping er...

1· 177·1 current·1 all-time
by@zaynzhu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (safe script runner, avoid inline shell execution) align with the SKILL.md workflow of creating temporary standalone script files and executing them instead of inline commands.
!
Instruction Scope
The instructions require creating, executing, and deleting temporary files in the project workspace and explicitly instruct adding temp_* to .gitignore; they also insist on loading environment variables inside those files (dotenv). These steps go beyond just avoiding shell-escaping problems because they give the agent permission to read workspace files (.env), write to repo config (.gitignore), and create script files that may contain sensitive data. The SKILL.md does not constrain what can be written into the temporary scripts or require human review before execution.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is downloaded or written by an installer. This is low-risk from an installation perspective.
!
Credentials
The skill instructs use of dotenv (import 'dotenv/config' or require('dotenv').config()) to explicitly load environment variables from project files, but the registry metadata declares no required credentials. Encouraging automatic loading of .env files gives the skill access to any secrets stored there and increases the chance sensitive values are written into temporary scripts or logged. The requirement to 'explicitly load environment variables rather than relying on external environment injection' is unusual and may be disproportionate to the stated purpose.
Persistence & Privilege
The skill is not set to always:true and does not install itself, but it instructs modifying .gitignore and creating files in the working directory. That requires write access to the repository/workspace and could change project configuration; this is a limited privilege but worth noticing.
What to consider before installing
This skill's approach (create temp_*.js/.ts files, run them, then delete) is coherent for avoiding shell-escaping and terminal hangs. However, it specifically instructs loading environment variables from the workspace (.env via dotenv) and editing .gitignore, which means the agent will read project secrets and modify repository files. Before installing or using this skill: 1) confirm you are ok with the agent creating and deleting files in your workspace; 2) avoid storing sensitive secrets in any .env file in the workspace or ensure they are not accessible to the agent; 3) require the agent to show the temporary script contents and get manual approval before execution; 4) review and approve any .gitignore changes before they are written; 5) prefer running such operations in an isolated test environment or container if you must allow automated script creation. If you expect the skill to never access secrets, ask the author to remove the explicit dotenv requirement and to require interactive approval for executing generated scripts.

Like a lobster shell, security has layers — review code before you run it.

latestvk971mg8ajyf10n9y4z5bsvtvfn8326p5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments