skill-validator
Fail
Audited by Socket on Mar 15, 2026
1 alert found:
Obfuscated File (HIGH)
tests/security_test_cases.json
The code bundle contains multiple high-severity insecure coding patterns: arbitrary command execution via subprocess.run/os.system with untrusted input, arbitrary code execution via eval(), path traversal leading to sensitive file disclosure, and hardcoded credentials. These examples appear to be intentionally insecure demonstrations rather than obfuscated malware; nonetheless, if included in real projects they present a significant security risk and should be remediated before use. Follow remediation steps: remove shell=True, avoid eval, remove hardcoded secrets, validate inputs, and add error handling. Treat these snippets as unsafe templates and do not deploy them to production.
Confidence: 98%