Thank you for your correct questions, we see that you have become better understood:

1.Reports about malicious objects from LevelNet client applications are not sufficient to place these objects in the malicious category in the database. This decision is made on the intermediate super nodes, the messages from which, in turn, are signed with a security key. Thus, false reports will be filtered at this stage.
2.Practically in all cases, the execution of the shell code entails loading onto the disk and the subsequent launch of the malicious executable module, which will be immediately detected and blocked by the LevelNet client. Due to the limitations of bytecode execution in RAM, no serious actions can be performed without saving to disk.

About the legal aspect. How can you say so if there are examples, for example, virostotal and others? They were closed? Or you can know some legal subtleties that we do not know, then the sound of the position on the basis of which our project will be closed. You are considerably behind in understanding the project and its movement.