repo runner
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A repository’s docs could influence what commands the agent proposes or runs, so a hostile repo may try to trick the workflow.
The skill intentionally uses untrusted repository documentation to choose setup and run commands. That is purpose-aligned, but a malicious README could try to steer the agent toward unsafe or unrelated actions.
get the project running **as its docs intend** ... Prefer `README.md` + `docs/` ... Use the docs’ recommended run target
Keep repo docs untrusted, review the exact command list before execution, and reject instructions that ask for secrets, system-wide changes, or actions unrelated to running the project.
Running an untrusted project can execute dependency scripts, start services, use network access, consume disk/CPU, or modify files inside the workspace.
The workflow can install dependencies, build code, run project commands, and start Docker services from a user-selected repository. This is the core purpose and requires confirmation, but it can execute third-party code locally.
Install dependencies (after confirmation, based on project type) ... `npm ci` ... `pip install -r requirements.txt` ... `cargo build` / `cargo test` / `cargo run` ... `docker compose up`
Use this only for repositories you intend to run, prefer an isolated workspace or container, approve dependency installs and Docker use explicitly, and avoid providing secrets unless truly required.