agentic-security:security-eval-warn
OfficialBlock runtime code-eval from untrusted input.
Software Engineering#input-validation#code-review#runtime-security#security-guidance#safer-alternatives#code-eval
AuthorClear-Capabilities
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Prevents runtime code-eval on user input, reducing the risk of remote code execution by blocking untrusted strings from triggering eval-style calls.
Core Features & Use Cases
- Detection: Identifies common eval and sandbox-escape patterns across languages (JS/TS: eval, new Function, setTimeout with string, vm calls; Python: eval/exec/compile/import, globals; Ruby: eval/class_eval/instance_eval; PHP: eval, assert, create_function; Shell-from-JS: exec, execSync, child_process variants; Templating engines: Mustache.render, Handlebars.compile with user input).
- Protection: Refuses the evaluated input and proposes a structured, safer alternative.
- Use Case: Guarding an API endpoint that accepts user-provided code snippets to ensure no runtime execution occurs.
Quick Start
Refuse any runtime code-eval request from untrusted input and propose a safe, sandboxed alternative.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: agentic-security:security-eval-warn Download link: https://github.com/Clear-Capabilities/agentic-security/archive/main.zip#agentic-security-security-eval-warn Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 510,000+ vetted skills library on demand.