Menu
Execute Python code safely by checking for dangerous operations first. ALWAYS use when running agent-generated Python code.
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Based on SOC occupation classification
Google-style docstring conventions for Python code. Apply when writing or reviewing functions, classes, or modules that need documentation.
Python naming conventions for this codebase. Apply when writing or reviewing Python code including functions, classes, variables, and constants.
Python type hint conventions for this codebase. Apply when writing or reviewing Python code that needs type annotations on functions, classes, or variables.
Essential Pythonic idioms and conventions. Apply when writing or reviewing Python code to ensure idiomatic patterns like comprehensions, built-in functions, context managers, and unpacking.
Python code organization conventions for this codebase. Apply when structuring modules, organizing imports, designing file layouts, or moving functions/classes within or between files. Use PROACTIVELY when users request to check code organization, move code, or clean up and reorganize a module.
Refactoring complex functions into smaller, pure helper functions. Apply when function complexity is exceeded or when extracting helper functions during refactoring. If tasked with fixing ruff lint errors related to complexity, ALWAYS trigger this skill.
| name | run-python-safely |
| description | Execute Python code safely by checking for dangerous operations first. ALWAYS use when running agent-generated Python code. |
| argument-hint | <-c "code" | -f file.py> |
Execute Python code safely by performing AST-based static analysis to detect potentially dangerous operations before execution.
Agents MUST use this skill when executing any Python code they have generated.
This is a CRITICAL RULE for all agents in this repository. Before running Python code via Bash:
Exceptions (when you can skip this skill):
uv run pytestuv run .claude/scripts/validate_code.pyruff format, ty check)Use this skill when you need to run Python code that you've generated. The skill analyzes the code for dangerous patterns and either:
# Execute inline code
uv run .claude/scripts/run_python_safely.py -c "print(2 + 2)"
# Execute code from file
uv run .claude/scripts/run_python_safely.py -f script.py
# Execute with custom timeout (in seconds)
uv run .claude/scripts/run_python_safely.py -t 60 -c "print('done')"
| Code | Meaning |
|---|---|
| 0 | Code executed successfully |
| 1 | Code blocked due to safety concerns |
| 2 | Usage error or file not found |
| 3 | Execution timed out (default 5 minutes, configurable via -t) |
[EXECUTED]
<stdout from executed code>
[BLOCKED] Code execution blocked due to safety concerns:
- Import: os (file system and process operations)
- Builtin: eval (arbitrary code execution)
If this code is safe, ask the user for permission to run directly.
The following imports are blocked because they can access the file system, network, or execute arbitrary code:
os, sys, subprocess - System and process operationsshutil - High-level file operationssocket, requests, httpx, urllib, ftplib - Network operationspickle, shelve, marshal - Serialization (arbitrary code execution risk)ctypes - C library accessmultiprocessing, threading - Process/thread spawningimportlib, builtins - Dynamic import/builtin accessThese builtin functions are blocked:
eval, exec, compile - Arbitrary code executionopen - File system access__import__ - Dynamic module importgetattr, setattr, delattr - Dynamic attribute accessglobals, locals, vars - Namespace accessbreakpoint - Debugger invocationinput - User input during executionThese method names are blocked on any object (may have rare false positives):
write_text, write_bytes, touch - File creation/writingmkdir, rmdir, unlink, rmtree - Directory/file deletionrename, replace - File/directory movingsymlink_to, hardlink_to, link_to - Link creationchmod, lchmod - Permission modificationIf the skill blocks code that you believe is safe:
python -c "code" or python script.py directlyThe following are always allowed:
math, json, re, datetime, collections, itertools, functools, pathlib (read operations), etc.print, len, str, int, list, dict, range, enumerate, zip, map, filter, etc.Path.read_text(), Path.read_bytes(), Path.exists(), Path.is_file(), etc.The following modules are intentionally NOT blocked:
tempfileAllows agents to create temporary working files for intermediate results. The tempfile module creates files in system temp directories that are automatically cleaned up. This is useful for:
Note: While tempfile can create files, these are confined to temp directories and don't pose the same risk as arbitrary filesystem access via os or shutil.
asyncioAllows agents to use async/await patterns for concurrent operations. While asyncio can spawn concurrent tasks, it doesn't directly cause filesystem damage or network access (those would still be blocked by their respective module checks).
# Math computation
import math
print(math.sqrt(16))
# JSON processing
import json
data = {"key": "value"}
print(json.dumps(data))
# List comprehension
squares = [x**2 for x in range(10)]
print(squares)
# BLOCKED: os import
import os
os.system("ls")
# BLOCKED: open builtin
with open("file.txt", "w") as f:
f.write("data")
# BLOCKED: unlink method
from pathlib import Path
Path("file.txt").unlink()