Run Command Safety Check
by vx:17605205782 · GitHub · v1.0.0 · MIT-0
157 Downloads · 0 Stars · 0 Active Installs · 1 Version
Install in OpenClaw
/install run-command-safety-check
Description
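Checks for dangerous patterns before a shell plan is executed, such as pipe-to-shell, overwrite-style deletion, dangerous redirection, or obfuscated execution; use for shell, security, command-review workflows; do not use for providing offensive commands or helping users bypass restrictions.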
Usage Guidance
This skill is coherent and runs locally with only python3 required. Before using it: (1) only point it at files/directories you intend to scan — do not pass root/system or other sensitive directories; (2) prefer sanitized inputs (remove or redact secrets) because the tool may surface snippets (it masks matches but keeps the first 4 characters); (3) use --dry-run or run against a small sample first; (4) review outputs before sharing — the tool does not network out, but its outputs could contain sensitive context; and (5) if you need stricter redaction, inspect/modify scripts/run.py to change the masking behavior.
Capability Analysis
Type: OpenClaw Skill
Name: run-command-safety-check
Version: 1.0.0
The skill bundle is a security auditing tool designed to scan shell commands and scripts for dangerous patterns such as pipe-to-shell, recursive deletions, and hardcoded secrets. The core logic in `scripts/run.py` uses Python's standard library to perform regex-based scanning and generates structured Markdown reports, including a mechanism to mask detected secrets. The instructions in `SKILL.md` explicitly direct the AI agent to prioritize safety reviews and avoid executing commands or bypassing restrictions, aligning perfectly with the stated purpose.
Capability Assessment
Purpose & Capability
Name/description match the included assets (SKILL.md, resources/spec.json, template) and the shipped script. Required binary is only python3, which is appropriate for a local text/pattern auditor. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md stays on‑purpose: it instructs the agent to audit commands and scripts and prefer read-only review. The runtime script will read files from the provided input path (file or directory) and search/emit pattern matches. This is expected, but it means the tool can read arbitrary files you give it (including files containing secrets). The script masks matched secrets only partially (keeps first 4 chars then '***'), which could leak identifying fragments; it does not exfiltrate data or make network calls.
Install Mechanism
No install spec; the skill is instruction- and script-based and relies on python3 and the standard library. No remote downloads or package installs are performed.
Credentials
No environment variables, credentials, or config paths are requested. The only runtime dependency is python3. The script does scan for secret-like patterns (appropriate for its purpose) but the partial redaction behavior (revealing first 4 chars) is something users should be aware of.
Persistence & Privilege
always:false and no code writes to agent/global config. The script can write an output file if invoked with --output (normal behavior for a local tool), but it does not request elevated or persistent privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install run-command-safety-check
- After installation, invoke the skill by name or use /run-command-safety-check
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of run-command-safety-check skill:
- Checks shell commands for dangerous patterns such as pipe-to-shell, destructive delete, risky redirection, or obfuscated execution before running.
- Gives structured output: dangerous patterns, medium-risk patterns, background notes, alternative suggestions, manual review points, and final recommendations.
- Prioritizes readable, audit-friendly, and dry-run approaches; avoids executing or suggesting aggressive, attack, or privilege-escalation commands.
- Clearly states requirements and safe usage boundaries.
- Supports review workflows for shell, security, and command-review scenarios.
Frequently Asked Questions
What is Run Command Safety Check?
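Checks for dangerous patterns before a shell plan is executed, such as pipe-to-shell, overwrite-style deletion, dangerous redirection, or obfuscated execution; use for shell, security, command-review workflows; do not use for providing offensive commands or helping users bypass restrictions. It is an AI Agent Skill for Claude Code / OpenClaw, with 157 downloads so far.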
How do I install Run Command Safety Check?
Run "/install run-command-safety-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Run Command Safety Check free?
Yes, Run Command Safety Check is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Run Command Safety Check support?
Run Command Safety Check is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created Run Command Safety Check?
It is built and maintained by vx:17605205782 (@52yuanchangxing); the current version is v1.0.0.