- Downloads: 401
- Stars: 0
- Active Installs: 3
- Versions: 1
Install in OpenClaw
/install my-shell
Description
Runs shell commands inside a dedicated tmux session named claw, captures output, and prompts before executing potentially destructive commands.
Usage Guidance
Don't install this skill into sensitive agents as-is. The handler constructs a shell command string and only escapes double quotes, so user-supplied content containing shell substitutions (e.g., $(...), `...`, $VAR expansions) will be executed by the host shell before tmux receives the input — this is an RCE risk. The 'dangerous' filter is a simple substring check and can be bypassed by common command forms. If you need this functionality:
- (1) ask the author to stop using execSync with a single command string and instead use a subprocess API that avoids a shell (e.g., child_process.spawn or execFile with argument arrays, or execSync with shell disabled), or at minimum properly escape/validate all special shell metacharacters;
- (2) strengthen the dangerous-command detection and require explicit user confirmation for destructive commands;
- (3) run the skill in an isolated, non-root container or sandboxed environment and avoid running on hosts with sensitive data.

If you cannot get those fixes, treat the skill as unsafe and do not give it access to agents running on production or privileged hosts.
Capability Analysis
Type: OpenClaw Skill
Name: my-shell
Version: 1.0.0
The skill provides a persistent shell interface via tmux, which is a high-risk capability. The implementation in handler.js contains a command injection vulnerability because it uses execSync with insufficient sanitization (only escaping double quotes, leaving backticks and subshells vulnerable). While it includes a basic safety filter (isDangerous), the overall design allows for arbitrary code execution on the host beyond the intended tmux session.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md, and handler.js all align: the skill runs arbitrary shell commands in a tmux session named 'claw' and returns pane output. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md limits scope (only session 'claw', prompts for destructive commands) but the runtime code does not reliably enforce these constraints. The dangerous-command check is string-based and easily bypassed (e.g., common forms like 'rm -rf /' are not always detected). More critically, the code builds a shell command string and only escapes double quotes, so constructs like $(...) or backticks inside the input will be interpreted by the host shell before being sent to tmux, allowing immediate host-side command execution outside the tmux target.
Install Mechanism
No install spec; this is an instruction/code-only skill and does not download or write additional artifacts during installation.
Credentials
The skill requests no environment variables, credentials, or config paths — this is proportionate to its stated purpose.
Persistence & Privilege
always:false (no forced always-on). The skill can be invoked autonomously (platform default). Combined with the implementation vulnerability, autonomous invocation increases risk because the agent could be induced to run crafted inputs that execute on the host.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install my-shell
- After installation, invoke the skill by name or use /my-shell
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
claw-shell 1.0.0 initial release
- Introduces a shell command tool that always runs inside tmux session named `claw`.
- Ensures only the `claw` session is used and never interacts with other tmux sessions.
- Returns the output of shell commands back to the agent after execution.
- Implements safety checks prohibiting commands like `sudo`, `rm` (without confirmation), `reboot`, and `shutdown`; requests user confirmation before running dangerous commands.
Frequently Asked Questions
What is My Shell?
Runs shell commands inside a dedicated tmux session named claw, captures output, and prompts before executing potentially destructive commands. It is an AI Agent Skill for Claude Code / OpenClaw, with 401 downloads so far.
How do I install My Shell?
Run "/install my-shell" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is My Shell free?
Yes, My Shell is completely free (open-source). You can download, install and use it at no cost.
Which platforms does My Shell support?
My Shell is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created My Shell?
It is built and maintained by IdIeNet (@idienet); the current version is v1.0.0.