
linux-command-guard

by Jurgenw81 · GitHub ↗ · v1.0.1 · MIT-0
cross-platform · Security: Clean
110 Downloads · 0 Stars · 0 Active Installs · 2 Versions
Install in OpenClaw
/install llm-shell-guard
Description
Blocks destructive Linux commands by enforcing allowlist execution, denylist checks, regex detection, protected paths, and approval for risky actions.
README (SKILL.md)

name: linux-command-guard-elite
version: 1.0.0
description: Defense-in-depth Linux command safety skill for AI agents using allowlist-first policy, approval gates, denylist, regex detection, and protected-path checks.
category: security
tags:

  • security
  • linux
  • shell
  • command-execution
  • llm
  • agent-safety
  • openclaw
  • clawhub

Linux Command Guard Elite

Use this skill before any agent executes shell commands on Linux.

Mandatory policy

  1. Always prefer an allowlist over a denylist. If a command is not explicitly allowed, do not execute it.

  2. Denylists are only a backup layer. They help catch known-bad patterns, but they are not sufficient by themselves.

  3. Never treat wrappers or interpreters as inherently safe. Block them, or require a separate and stricter sandbox policy for:

    • bash
    • sh
    • zsh
    • dash
    • python / python3
    • perl
    • ruby
    • node
    • php
  4. Require manual approval for high-risk commands and binaries, including:

    • sudo
    • su
    • mount / umount
    • systemctl / service
    • iptables / nft / ufw
    • docker / podman / kubectl / nsenter
    • chmod / chown / chattr
    • usermod / userdel / groupdel / passwd
    • package managers
  5. Never allow writes, deletes, moves, or redirects into protected system paths.

  6. Do not use this skill as the only control. Also run the agent in:

    • a sandbox or microVM
    • non-root mode
    • resource-limited environment
    • network-restricted environment when possible

Recommended execution flow

  1. Parse the command safely.
  2. Reject command substitution, shell chaining, and redirect abuse.
  3. Reject wrappers and interpreters unless a stricter child policy is applied.
  4. Check allowlist.
  5. Check high-risk approval rules.
  6. Check denylist and regex rules.
  7. Check protected-path access.
  8. Execute only if the command is explicitly safe.
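
The flow above, and the Mandatory policy it enforces, as an added example in Python: a single check() that applies the eight steps in the order listed and returns ALLOW, REVIEW or BLOCK with a reason, plus a run_guarded() that executes only through an argv list, never a shell. This is illustrative code, not the skill's own checker.py; the allowlist, interpreter, approval, mutating-command and protected-path sets and the denylist regexes are hypothetical stand-ins for the rule files the skill ships, and the command strings in the comments are constructed.

```python
"""Allowlist-first command guard following the eight-step flow above.
Illustrative code, not the skill's own checker.py; every policy table is a
hypothetical stand-in for the skill's rule files."""
import os
import re
import shlex
import subprocess
from dataclasses import dataclass

ALLOWLIST = {"ls", "cat", "head", "tail", "grep", "find", "stat", "wc",
             "pwd", "echo", "df", "du", "file"}           # small, read-only
INTERPRETERS = {"bash", "sh", "zsh", "dash", "python", "python3",
                "perl", "ruby", "node", "php"}
WRAPPERS = {"sudo", "su", "env", "nice", "nohup", "timeout"}  # exec their argument
APPROVAL_REQUIRED = {"sudo", "su", "mount", "umount", "systemctl", "service",
                     "iptables", "nft", "ufw", "docker", "podman", "kubectl",
                     "nsenter", "chmod", "chown", "chattr", "usermod", "userdel",
                     "groupdel", "passwd", "apt", "apt-get", "dnf", "yum", "pip"}
MUTATING = {"rm", "mv", "cp", "tee", "touch", "truncate", "ln", "mkdir",
            "chmod", "chown", "chattr", "dd"}
PROTECTED_PATHS = ("/etc", "/root", "/boot", "/usr", "/bin", "/sbin",
                   "/lib", "/var/lib", "/dev", "/proc", "/sys")
DENY_PATTERNS = [re.compile(p) for p in (
    r"\brm\s+(?:-\S+\s+)*-[a-zA-Z]*[rR]",   # recursive rm, any flag order
    r"\bmkfs(?:\.\w+)?\b",                   # filesystem creation
    r"\bdd\b.*\bof=/dev/",                   # raw writes to block devices
    r"\bshred\b",
    r":\(\)\s*\{",                           # classic fork bomb
)]
OPERATOR_CHARS = set("();<>|&")


@dataclass
class Decision:
    verdict: str   # ALLOW, REVIEW or BLOCK
    reason: str


def tokenize(cmd: str) -> list:
    """Split like a POSIX shell would, with every operator as its own token."""
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    lex.commenters = ""                    # never let a '#' silently drop text
    return list(lex)


def under_protected(token: str) -> bool:
    """True for an absolute path argument that resolves under a protected root."""
    if not token.startswith("/"):
        return False
    path = os.path.normpath(token)         # /etc/../tmp/x -> /tmp/x
    return any(path == r or path.startswith(r + "/") for r in PROTECTED_PATHS)


def check(cmd: str) -> Decision:
    # 1. Parse safely. Substitution and expansion are refused up front:
    #    once a shell sees $(...) or `...` the real argv is unknowable.
    if "$" in cmd or "`" in cmd:
        return Decision("BLOCK", "command substitution or variable expansion")
    try:
        tokens = tokenize(cmd)
    except ValueError as exc:              # e.g. unbalanced quotes
        return Decision("BLOCK", f"unparseable command: {exc}")
    if not tokens:
        return Decision("BLOCK", "empty command")
    # 2. Reject chaining and redirects (';', '&&', '|', '>', '2>' ...).
    for tok in tokens:
        if tok and set(tok) <= OPERATOR_CHARS:
            return Decision("BLOCK", f"shell operator {tok!r} not permitted")
    # Programs to police: argv0, plus every non-option argument when argv0 is
    # a wrapper that execs its argument (so 'sudo -u alice /bin/bash' is seen as bash).
    argv0 = os.path.basename(tokens[0])
    programs = [argv0]
    if argv0 in WRAPPERS:
        programs += [os.path.basename(t) for t in tokens[1:] if not t.startswith("-")]
    # 3. Interpreters and shells get a separate sandbox policy, never a pass.
    for p in programs:
        if p in INTERPRETERS:
            return Decision("BLOCK", f"interpreter {p!r} needs its own sandbox policy")
    # 4. Allowlist first: unknown programs are refused, not merely flagged.
    if argv0 not in ALLOWLIST and argv0 not in APPROVAL_REQUIRED:
        return Decision("BLOCK", f"{argv0!r} is not on the allowlist")
    # 5. High-risk binaries, including anything reached via sudo, need a human.
    needs_approval = any(p in APPROVAL_REQUIRED for p in programs)
    # 6. Denylist regexes are only a backup layer, run over the raw string.
    for pat in DENY_PATTERNS:
        if pat.search(cmd):
            return Decision("BLOCK", f"matches denylist pattern {pat.pattern!r}")
    # 7. Mutating commands may never target protected system paths.
    if any(p in MUTATING for p in programs):
        for tok in tokens[1:]:
            if under_protected(tok):
                return Decision("BLOCK", f"write to protected path {tok!r}")
    # 8. Execute only when explicitly safe; REVIEW waits for a human.
    if needs_approval:
        return Decision("REVIEW", "high-risk binary; manual approval required")
    return Decision("ALLOW", "allowlisted read-only command")


def run_guarded(cmd: str, approved: bool = False) -> subprocess.CompletedProcess:
    """Execute via argv (no shell), and only after check() permits it."""
    decision = check(cmd)
    if decision.verdict == "BLOCK" or (decision.verdict == "REVIEW" and not approved):
        raise PermissionError(f"{decision.verdict}: {decision.reason}")
    return subprocess.run(tokenize(cmd), shell=False, capture_output=True,
                          text=True, timeout=30)
```

Two design choices are deliberately conservative. Rejecting every `$` also refuses harmless `${HOME}` expansions, so the agent must pass literal paths; and anything run through sudo or su lands in REVIEW rather than ALLOW even when the inner program is allowlisted, because the Mandatory policy says those binaries need a human. Note how the layers cooperate: `find` is allowlisted, but `find /tmp -exec rm -rf {} +` is still caught by the recursive-rm denylist regex, and `chmod 644 /etc/passwd` passes the allowlist and approval steps only to be blocked by the protected-path check.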

Strong recommendation

Keep the allowlist small and read-only by default.

Usage Guidance
This skill appears coherent and implements an allowlist-first command checker as described. Before installing or enabling it:

  1. Verify that your agent integration actually calls this check before executing shell commands; a policy file alone does nothing unless it is invoked.
  2. Do not rely on this as the sole defense: run agents non-root in sandboxes or microVMs with resource and network limits.
  3. Review and lock the allowlist and approval_required lists to match your security posture (the default allowlist is intentionally small).
  4. Test the packaged rules in a controlled environment to confirm that regex matching and tokenization behave as you expect (there is a stray backtick line in regex_rules.txt that is benign but worth validating against your Python RE engine).
  5. If you need stronger guarantees, couple this with OS-level controls (seccomp/AppArmor/SELinux) and a manual approval workflow for the binaries marked as high-risk.
Capability Analysis
Type: OpenClaw Skill
Name: llm-shell-guard
Version: 1.0.1

The skill is a defensive security tool designed to validate Linux commands before execution by an AI agent. It implements an allowlist-first policy, blocks shell wrappers and interpreters (e.g., bash, python), detects dangerous shell operators (pipes, redirects, command substitution), and prevents writes to protected system paths like /etc and /root. The logic in linux_command_guard/checker.py and the comprehensive rule sets in the rules/ directory are consistent with its stated purpose of providing defense-in-depth for agent-led shell execution.
Capability Assessment
Purpose & Capability
Name/description (allowlist-first Linux command guard) aligns with the included Python package, rule files, and tests. All required files and logic relate to parsing commands, applying allowlist/denylist/regex/protected-path checks, and reporting decisions; there are no unrelated credentials, binaries, or endpoints requested.
Instruction Scope
SKILL.md directs the agent to run this policy before executing shell commands and describes the intended flow. The runtime code only reads local rule files bundled with the package and does not access external endpoints, unrelated system files, or environment variables beyond normal execution. The instructions are not open-ended and do not tell the agent to exfiltrate data or inspect unrelated config.
Install Mechanism
No install spec is provided; the skill is instruction-only at the registry level but includes a local Python package (no remote downloads, no installers). The project is self-contained and uses only local rule files and tests—no high-risk download or extract steps are present.
Credentials
The skill requests no environment variables, credentials, or external config paths. All rule data is stored in packaged text files, which is proportionate to the stated purpose.
Persistence & Privilege
Skill flags are default (always: false, user-invocable: true). The skill does not attempt to persist beyond its package files or modify other skills. Note: model invocation is allowed by default (disable-model-invocation is false) — this is platform default and not itself a red flag.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install llm-shell-guard
  3. After installation, invoke the skill by name or use /llm-shell-guard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Released as "linux-command-guard-elite" with expanded defense-in-depth features:
  • Renamed and rebranded the skill from "linux-command-guard" to "linux-command-guard-elite".
  • Introduced stricter allowlist-first enforcement, with detailed approval policies for high-risk commands and interpreters.
  • Added granular rule files: allowlist, denylist, approval-required, protected paths, and regex-based detection.
  • Implemented policy checks for protected system paths and command patterns.
  • Updated documentation for advanced security requirements, the mandatory policy flow, and usage recommendations.
  • Added a test suite and project metadata for maintainability.
v1.0.0
Initial release of linux-command-guard:
  • Enforces a defensive shell execution policy with layered allowlist, protected-path, and denylist checks.
  • Requires human approval for high-risk, potentially destructive Linux commands.
  • Includes guidance on safer alternatives, explicit hard refusals, and isolating execution in sandboxes or microVMs.
  • Provides policy data and scripts for allowlist, denylist, protected paths, and high-risk command detection.
  • Defines a standard output format for command evaluation: ALLOW, REVIEW, or BLOCK, with reasoning and safer alternatives.
  • Promotes security best practices: non-root execution, isolation, and never disabling protections to "get the task done."
Metadata
Slug llm-shell-guard
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is linux-command-guard?

Blocks destructive Linux commands by enforcing allowlist execution, denylist checks, regex detection, protected paths, and approval for risky actions. It is an AI Agent Skill for Claude Code / OpenClaw, with 110 downloads so far.

How do I install linux-command-guard?

Run "/install llm-shell-guard" in the OpenClaw or Claude Code chat. Installation itself is one step, but the check only protects you once your agent integration invokes it before executing shell commands (see Usage Guidance).

Is linux-command-guard free?

Yes, linux-command-guard is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does linux-command-guard support?

The registry lists linux-command-guard as cross-platform: it runs anywhere OpenClaw / Claude Code is available, though the rules it ships are written for Linux shell commands.

Who created linux-command-guard?

It is built and maintained by Jurgenw81 (@jurgenw81); the current version is v1.0.1.
