repo runner

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill is coherently designed to clone, inspect, install, and run user-selected GitHub projects, with disclosed safeguards, but users should review commands because third-party repo docs and code are untrusted.

Before installing, understand that this skill is meant to run arbitrary GitHub projects locally. Review every proposed command, require confirmation for dependency installs and Docker, avoid secrets, and prefer isolation for unfamiliar repositories. The provided artifacts do not show hidden exfiltration, destructive behavior, or persistence.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A repository’s docs could influence what commands the agent proposes or runs, so a hostile repo may try to trick the workflow.

Why it was flagged

The skill intentionally uses untrusted repository documentation to choose setup and run commands. That is purpose-aligned, but a malicious README could try to steer the agent toward unsafe or unrelated actions.

Skill content

get the project running **as its docs intend** ... Prefer `README.md` + `docs/` ... Use the docs’ recommended run target

Recommendation

Keep repo docs untrusted, review the exact command list before execution, and reject instructions that ask for secrets, system-wide changes, or actions unrelated to running the project.

What this means

Running an untrusted project can execute dependency scripts, start services, use network access, consume disk/CPU, or modify files inside the workspace.

Why it was flagged

The workflow can install dependencies, build code, run project commands, and start Docker services from a user-selected repository. This is the core purpose and requires confirmation, but it can execute third-party code locally.

Skill content

Install dependencies (after confirmation, based on project type) ... `npm ci` ... `pip install -r requirements.txt` ... `cargo build` / `cargo test` / `cargo run` ... `docker compose up`

Recommendation

Use this only for repositories you intend to run, prefer an isolated workspace or container, approve dependency installs and Docker use explicitly, and avoid providing secrets unless truly required.