Hi,
Generally, lambdabot relies on SafeHaskell and not running user-supplied IO actions for safety. This is unlikely to be bullet-proof, so it's advisable to sandbox mueval. However, the @check command violated this basic principle, and allowed running arbitrary IO actions.
This was deliberately vague. The point is that @check took an arbitrary value of type Property, and ran it. That type is based on IO, and there are actually direct ways of incorporating an IO action into a Property: * ioProperty (alias morallyDubiousIOProperty) * whenFail, whenFail' In the end, rather than trying to control whether these functions are imported (which would be a fool's errand, because Test.QuickCheck is a Safe module, and can be reexported from other modules), I came up with the QuickCheck-safe design whose SProperty type does not embed IO anywhere. Cheers, Bertram