← Back to Skills Marketplace

系统命令

Name: 系统命令
Author: ljr287404428

by ljr287404428 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install system-cmd

Description

执行Windows常见系统命令（如ipconfig、tasklist、netstat、systeminfo及别名命令）并返回格式化结果，支持安全分级和自定义配置。

Usage Guidance

This skill appears to do what it claims (run Windows commands) and contains code that enforces whitelists, timeouts and forbidden-pattern checks. Before installing: 1) Confirm you only run it on Windows test machines or VMs — the implementation expects PowerShell/CMD. 2) Review the bundled scripts (especially v3/v4) and config.json yourself; aliases can expand into commands. 3) If you don't need custom command execution, disable or remove the /system_cmd exec feature to avoid arbitrary command execution. 4) Don't grant the agent or this skill administrative privileges; high-risk operations will still run if invoked with elevated rights. 5) Be aware filters use regex/heuristics and could be bypassed; consider running the skill in an isolated environment and auditing logs. 6) Note the packaging inconsistencies (docs mentioning Python, metadata claiming instruction-only), which suggest the package may have been assembled sloppily — request the author clarify or provide a clean, single-language implementation if you require higher assurance.

Capability Analysis

Type: OpenClaw Skill Name: system-cmd Version: 1.0.0 The skill bundle provides a Windows system command execution engine, allowing an AI agent to run utilities like ipconfig, tasklist, and arbitrary shell commands via an 'exec' mode. While the implementation in system_cmd_v4.js includes multiple security layers—such as a command blacklist (FORBIDDEN_COMMANDS), regex-based pattern matching (HIGH_RISK_PATTERNS), and a mandatory confirmation flag (--yes) for dangerous operations—the core functionality is essentially a Remote Code Execution (RCE) interface. There is no evidence of intentional malice or hidden exfiltration logic, but the inherent risk of shell access and the potential for blacklist bypasses via shell syntax or unlisted commands warrant a suspicious classification.

Capability Assessment

ℹ Purpose & Capability

The name/description match the code: JS scripts execute Windows commands (PowerShell/CMD) and provide alias/config support. Minor inconsistencies: README/README.md sometimes references a Python subprocess implementation while shipped code is Node.js; SKILL metadata says "instruction-only" / no OS restriction, yet the implementation and docs require Windows/PowerShell. These are likely sloppy packaging but worth noting.

ℹ Instruction Scope

SKILL.md and the scripts implement pre-defined safe commands, alias resolution, and a /system_cmd exec <command> custom mode with safety checks and time/output limits. That matches the stated scope. However custom-exec still runs arbitrary shell commands (via child_process.exec) with heuristics/regex to block dangerous patterns — such filters can be bypassed by clever inputs. The skill also hot-loads/reads config.json from disk (included in package) to resolve aliases.

✓ Install Mechanism

No install spec or remote downloads; all code is bundled in the skill package. No network fetches or third-party install steps were observed in the manifest, which reduces supply-chain risk.

✓ Credentials

The skill requests no environment variables or external credentials. It reads a local config.json (present in the package) which is reasonable for alias configuration. No unrelated credentials or config paths are requested.

ℹ Persistence & Privilege

always:false and agent autonomous invocation defaults are normal. The skill executes system commands as the agent process and may run commands that require elevated privileges; high-risk commands are gated by a textual confirmation mechanism (--yes). This is expected behavior but increases blast radius if the agent or skill is run with elevated rights.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install system-cmd
After installation, invoke the skill by name or use /system-cmd
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

system-cmd v1.0.0 - Initial release providing execution of common Windows system commands (ipconfig, tasklist, netstat, systeminfo) with formatted results. - Supports safe, predefined commands and secure, customizable outputs. - Includes basic output formatting, error handling, and Chinese language support. - Limits execution to safe, predefined commands for security.

Metadata

Slug system-cmd

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is 系统命令?

执行Windows常见系统命令（如ipconfig、tasklist、netstat、systeminfo及别名命令）并返回格式化结果，支持安全分级和自定义配置。 It is an AI Agent Skill for Claude Code / OpenClaw, with 79 downloads so far.

How do I install 系统命令?

Run "/install system-cmd" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 系统命令 free?

Yes, 系统命令 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 系统命令 support?

系统命令 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 系统命令?

It is built and maintained by ljr287404428 (@ljr287404428); the current version is v1.0.0.

More Skills