Skip to main content

code-executor

Facilitates efficient multi-tool MCP workflows by executing TypeScript or Python code through a subagent, optimizing token usage.

Install this skill

or
67/100

Security score

The code-executor skill was audited on Feb 19, 2026 and we found 9 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 297

Template literal with variable interpolation in command context

SourceSKILL.md
297console.log(`Processed ${jsonFiles.length} files, ${allData.length} records`);
low line 101

Access to hidden dotfiles in home directory

SourceSKILL.md
101MCP_CONFIG_PATH=~/.claude/subagent-mcp.json deno run --allow-read --allow-run --allow-env /tmp/script.ts
low line 195

Access to hidden dotfiles in home directory

SourceSKILL.md
195MCP_CONFIG_PATH=~/.claude/subagent-mcp.json deno run --allow-read --allow-run --allow-env /tmp/your-script.ts
low line 256

Access to hidden dotfiles in home directory

SourceSKILL.md
256MCP_CONFIG_PATH=~/.claude/subagent-mcp.json deno run --allow-read --allow-run --allow-env /tmp/aggregate-files.ts
medium line 318

Access to hidden dotfiles in home directory

SourceSKILL.md
318The `<server>` name comes from the subagent's MCP configuration file (`.mcp.json` or `~/.claude/subagent-mcp.json`).
medium line 416

Access to hidden dotfiles in home directory

SourceSKILL.md
416- CRITICAL: Set `MCP_CONFIG_PATH=~/.claude/subagent-mcp.json` before command
medium line 419

Access to hidden dotfiles in home directory

SourceSKILL.md
419- Example: `MCP_CONFIG_PATH=~/.claude/subagent-mcp.json deno run --allow-read --allow-run --allow-env script.ts`
medium line 470

Access to hidden dotfiles in home directory

SourceSKILL.md
470- CRITICAL: Bash execution must set `MCP_CONFIG_PATH=~/.claude/subagent-mcp.json`
medium line 472

Access to hidden dotfiles in home directory

SourceSKILL.md
472- Verify config file exists: `ls -la ~/.claude/subagent-mcp.json`
Scanned on Feb 19, 2026
View Security Dashboard
Installation guide →
GitHub Stars 106
Rate this skill
Categorydevelopment
UpdatedMay 21, 2026
openclawapibackenddata-engineerml-ai-engineerbackend-developerdevelopment
majiayu000/claude-skill-registry