python-executor

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] The infsh/python-executor description implements a legitimate, high‑capability sandbox for running arbitrary Python code with many common libraries preinstalled. There is no direct evidence in this file of hidden backdoors, obfuscation, or hardcoded credentials. However, because the service executes arbitrary code and permits network egress and automatic collection of outputs/, it is inherently high-risk for data exfiltration or abuse if misused or if the platform operator is compromised. Operational recommendations: (1) Do not run untrusted code that may access sensitive data in this environment. (2) Verify installer binaries using the published checksums/signatures before running curl|sh. (3) Request/verify platform policies for network egress, environment variable exposure, and retention/audit logging before using in security-sensitive contexts. Overall: functional and expected for its purpose, but requires trusting the operator and applying standard sandboxing and verification controls. LLM verification: The documented skill is a legitimate remote Python execution service with broad capabilities and useful preinstalled libraries. The file itself contains no direct signs of embedded malware or obfuscation. Key security concerns are operational: the documentation recommends a risky 'curl | sh' installer pattern and omits technical details about sandboxing, network egress controls, and secrets isolation. Because the executor runs arbitrary user-supplied code and exposes outputs/stdout and network a