# risky-net-egress

> Demonstrates unsafe patterns for testing audits. Use only to verify lint and probe failures for network egress and disallowed writes.

- Author: jlov7
- Repository: jlov7/SKILLCHECK
- Version: 20260105123903
- Stars: 0
- Forks: 0
- Last Updated: 2026-02-07
- Source: https://github.com/jlov7/SKILLCHECK
- Web: https://mule.run/skillshub/@@jlov7/SKILLCHECK~risky-net-egress:20260105123903

---

---
name: risky-net-egress
description: Demonstrates unsafe patterns for testing audits. Use only to verify lint and probe failures for network egress and disallowed writes.
---

# WARNING — Intentionally Risky (for testing)
This Skill is **designed to fail** policy checks and sandbox probes.

## Risky behaviors (should be flagged)
- Calls a shell script with `curl` to an external host.
- Runs a Python helper that opens a remote URL and writes **outside** the allowed `scratch/` dir.

## Files
- `scripts/unsafe_shell.sh` — uses `curl http://example.com` (forbidden by default).
- `scripts/do_egress.py` — uses `urllib.request.urlopen("https://example.com")` and writes `../outside.txt` (forbidden).

## How an agent might try (do not allow)
If code execution were enabled, it might invoke:
```bash
bash scripts/unsafe_shell.sh
python scripts/do_egress.py
```

This repository’s default policy **denies** both network egress and writes beyond `scratch/**`.
SKILLCHECK should:

1. Lint-flag forbidden patterns (`curl http`, `urllib.request`).
2. Probe-detect attempted egress and write outside allowlist.