CHECK

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is advertised as an environment checker, but the package also includes extra skills that can run code and system commands, attempt elevated execution, install packages, and manage persistent files.

Only install this if you intend to use the full development-skills bundle, not just an environment checker. Review or disable the command runner, code tester, permission manager, and RAG manager components; run package installs and generated code inside a virtual environment or sandbox; and approve every command before it executes.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing what appears to be one checker skill may also make higher-impact tools available to the agent.

Why it was flagged

The package declares multiple additional skills beyond the CHECK/SKILL.md environment-checker purpose, including code execution, file management, and permission-management capabilities.

Skill content

"skills": [{"skillName": "environment_checker"...}, {"skillName": "code_generator_tester"...}, {"skillName": "rag_manager"...}, {"skillName": "permission_manager"...}, {"skillName": "universal_permission_manager"...}]

Recommendation

Split the bundle into separate skills or clearly declare all included capabilities, permissions, and entry points before installation.

What this means

If invoked, the agent could run powerful local commands that change files, settings, packages, or services.

Why it was flagged

A user-supplied command string can be passed to the system shell, which is a broad command-execution interface with unclear guardrails.

Skill content

def run_with_elevated_privileges(self, command: str) ... result = subprocess.run(command, shell=True, capture_output=True, text=True, timeout=60)

Recommendation

Require explicit user confirmation for every command, avoid shell=True, restrict commands to an allowlist, and show the exact command before execution.

What this means

Commands may run with elevated privileges, increasing the impact of mistakes or unsafe agent actions.

Why it was flagged

The permission manager attempts to run arbitrary commands through sudo on Linux and also has admin-aware execution paths on Windows.

Skill content

result = subprocess.run(['sudo'] + command.split(), capture_output=True, text=True, timeout=60)

Recommendation

Do not grant elevated permissions by default; require manual user approval and limit elevated actions to narrowly documented repair commands.
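
As an added example (not code from the skill or from ClawScan), the following Python runner applies the two recommendations above: it tokenises the agent-supplied string with shlex instead of handing it to a shell, checks the executable against an allowlist that deliberately leaves out sudo, and shows the exact argv to a confirmation callback before anything runs. ALLOWED_COMMANDS, validate_command, run_command and the confirm callback are assumed names.

```python
import shlex
import subprocess
from typing import Callable, List

# Example code added to this review, not the skill's own. The names
# ALLOWED_COMMANDS, validate_command and run_command are assumptions.

# Executables the agent may launch. "sudo" is deliberately absent, so an
# elevation request cannot be smuggled through this path.
ALLOWED_COMMANDS = frozenset({"echo", "ls", "git", "pip"})


class CommandRejected(Exception):
    """Raised when a command fails validation or the user declines it."""


def validate_command(command: str) -> List[str]:
    """Parse the agent-supplied string into argv and enforce the allowlist.

    shlex.split tokenises like a POSIX shell, but the result is never given
    to a shell, so ';', '&&', '|' and '$VAR' are inert text, not operators.
    """
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # unbalanced quotes
        raise CommandRejected(f"unparseable command: {exc}") from exc
    if not argv:
        raise CommandRejected("empty command")
    if argv[0] not in ALLOWED_COMMANDS:
        raise CommandRejected(f"{argv[0]!r} is not on the allowlist")
    return argv


def run_command(command: str, confirm: Callable[[str], bool],
                timeout: int = 60) -> subprocess.CompletedProcess:
    """Validate, show the exact argv to the user, and run only if approved."""
    argv = validate_command(command)
    shown = shlex.join(argv)  # exactly what will execute, quoting made visible
    if not confirm(shown):
        raise CommandRejected(f"user declined: {shown}")
    # No shell=True: argv goes straight to exec, so no expansion or chaining.
    return subprocess.run(argv, capture_output=True, text=True,
                          timeout=timeout, check=False)


if __name__ == "__main__":
    def ask(shown: str) -> bool:
        return input(f"Run {shown} ? [y/N] ").strip().lower() == "y"

    # "$HOME" is echoed literally because no shell ever sees it.
    print(run_command("echo $HOME", ask).stdout)
```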

What this means

Generated or test code could execute with the user's local permissions and affect the machine if not sandboxed.

Why it was flagged

The code generator writes generated or supplied code to temporary files and executes it locally, including Python and Bash paths.

Skill content

temp_file.write(generated_code) ... subprocess.run([sys.executable, file_path] ... timeout=30) ... subprocess.run(["bash", file_path] ... timeout=30)

Recommendation

Run generated code only in a sandbox or disposable workspace, and require explicit approval before execution.

What this means

Persistent knowledge or project metadata could be modified, deleted, or reused across tasks in ways the user did not expect from an environment checker.

Why it was flagged

The bundle includes a persistent RAG/knowledge-management component with file read/write/delete permissions, but the primary skill description does not define storage paths, retention, or reuse boundaries.

Skill content

"skillName": "rag_manager", "description": "管理多个RAG系统,按类别组织并支持动态创建新分类", "permissions": ["read_files", "write_files", "delete_files"]

Recommendation

Document where RAG data is stored, restrict it to a dedicated workspace, and require user approval for deletes or imports.

What this means

Package installation can change the Python environment and may install large or unexpected dependencies.

Why it was flagged

Automatic pip installation of missing packages is disclosed and purpose-aligned, but packages are installed unpinned from the package ecosystem.

Skill content

subprocess.run([sys.executable, "-m", "pip", "install", pkg], capture_output=True, text=True, timeout=300)

Recommendation

Use a virtual environment, review the package list first, and prefer pinned versions or a requirements file.