← Back to Skills Marketplace
256
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install taizi-claw-shell
Description
Runs shell commands inside a dedicated tmux session named 'claw', returning command output and prompting before destructive commands.
Usage Guidance
This skill runs arbitrary shell commands and returns their output. Before installing, consider: 1) The skill requires tmux but does not declare it — ensure tmux is available and you accept that requirement. 2) The implementation uses node's execSync with the user command interpolated into a shell command; this can cause the host shell to evaluate parts of the input before tmux receives it (e.g., $(cmd), backticks, environment expansions, or other metacharacters), enabling unexpected or destructive host-side execution. 3) The 'dangerous command' check is basic and can be bypassed; the code only returns an error code that your agent must interpret rather than enforcing confirmation. Recommendations: only install if you trust the agent and users of the skill; ask the developer to (a) declare tmux in metadata, (b) avoid execSync with a shell (use spawn with argv or pass arguments to tmux directly to avoid shell expansion), and (c) implement an explicit confirmation step or server-side gating for destructive commands. If you cannot get these fixes, treat the skill as unsafe for untrusted input or production use.
Capability Analysis
Type: OpenClaw Skill
Name: taizi-claw-shell
Version: 1.0.0
The skill provides a tool to execute arbitrary shell commands within a persistent tmux session. It is classified as suspicious due to a command injection vulnerability in handler.js, where the sendCommand function fails to sanitize shell metacharacters (e.g., backticks or dollar signs) before passing them to execSync. While the skill includes a basic safety blacklist (isDangerous) and instructions in SKILL.md to avoid destructive commands, the implementation is inherently high-risk and lacks robust input validation.
Capability Assessment
Purpose & Capability
The SKILL.md and handler implement a tmux-backed shell, which is coherent, but the registry metadata lists no required binaries even though tmux is essential. The skill therefore underdeclares its footprint (tmux must be present).
Instruction Scope
SKILL.md promises to run commands only inside session 'claw' and to prompt before destructive commands. The handler largely follows that, but it uses execSync to invoke shell commands that incorporate the user-supplied command string. Because the code only escapes double quotes, shell metacharacters (e.g., $(...), `...`, $VAR, ;, &, |) can be interpreted by the invoking shell before tmux is called, meaning input can be executed on the host outside the tmux pane. The 'ask first' behavior is implemented only by returning an error token, not by enforcing an interactive confirmation.
Install Mechanism
Instruction-only with a small handler.js and no install spec — nothing is downloaded or written during installation. This is low install risk, but the skill still requires tmux at runtime (not declared).
Credentials
No environment variables, credentials, or config paths are requested; that is proportionate to the described purpose.
Persistence & Privilege
always is false and the skill does not request permanent presence or modify other skills or system config. Normal autonomous invocation is allowed by platform defaults.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install taizi-claw-shell - After installation, invoke the skill by name or use
/taizi-claw-shell - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of taizi-claw-shell.
- Runs shell commands safely inside a dedicated tmux session named "claw".
- Provides a single tool, `claw_shell_run`, for sending commands and reading back output.
- Strictly avoids interfering with other tmux sessions.
- Asks for user confirmation before executing potentially destructive commands (e.g., `sudo`, `rm`, `reboot`).
- Ensures clear separation of safe and dangerous command handling.
Metadata
Frequently Asked Questions
What is Taizi Claw Shell?
Runs shell commands inside a dedicated tmux session named 'claw', returning command output and prompting before destructive commands. It is an AI Agent Skill for Claude Code / OpenClaw, with 256 downloads so far.
How do I install Taizi Claw Shell?
Run "/install taizi-claw-shell" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Taizi Claw Shell free?
Yes, Taizi Claw Shell is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Taizi Claw Shell support?
Taizi Claw Shell is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Taizi Claw Shell?
It is built and maintained by fresh3 (@fresh3); the current version is v1.0.0.
More Skills