Terminal Killer

by cosperypf · GitHub ↗ · v1.2.0
cross-platform ⚠ suspicious
Downloads: 841 · Stars: 1 · Active Installs: 4 · Versions: 3
Install in OpenClaw
/install terminal-killer
Description
Intelligent shell command detector and executor for OpenClaw. Automatically identifies terminal commands (system builtins, $PATH executables, history matches...
Usage Guidance
This skill does what it says — it will detect and run shell commands using your real shell environment. That requires sourcing your dotfiles (~/.zshrc, ~/.bashrc) and reading shell history; both are legitimate for this task but are risky because dotfiles can run arbitrary code and history or command outputs may contain secrets (API keys, tokens, passwords). Before installing or enabling:
  1. Review the source (you have it) and confirm you trust the author.
  2. Inspect your shell init files for unexpected network calls or side effects (and consider running the skill under a sanitized shell or user).
  3. Disable or restrict logging or ensure logs (~/.openclaw/logs/...) are stored securely.
  4. Configure the skill to require interactive approval for execution (raise the confidence threshold or force approval for anything non-trivial) and avoid enabling fully autonomous execution if you cannot audit every invocation.
  5. If you need minimal privilege, prefer not to allow it to source dotfiles or to limit MAX_HISTORY_CHECK to 0.
If you want to proceed but are unsure, keep it disabled by default and only run detect-only tests (node scripts/detect-command.js) rather than executing commands.
Capability Analysis
Type: OpenClaw Skill
Name: terminal-killer
Version: 1.2.0
The skill is designed to execute shell commands directly, which is a high-risk capability by nature. It attempts to mitigate this with dangerous command detection and an approval workflow. However, a critical vulnerability exists in `scripts/detect-command.js` and `scripts/exec-command.js` (and other execution paths) where user-controlled shell initialization files (e.g., `~/.zshrc`, `~/.bashrc`) are sourced via `execSync` before executing `which` or the user's command. This means any malicious code in these config files could be executed during the command detection phase, even if the user's input is not ultimately approved for execution, leading to a potential Remote Code Execution (RCE) vulnerability. While the author explicitly states the skill does not perform external API calls or data exfiltration, the inherent risk of direct shell execution with full user environment and the specific RCE vulnerability during detection make it suspicious.
Capability Assessment
Purpose & Capability
Name/description (detect + execute shell commands) match the actual implementation: detector, executor, interactive opener. Executing commands with the user's environment, checking $PATH and shell history, and opening new terminal windows are coherent with the stated goal.
Instruction Scope
Runtime instructions and code explicitly source user shell init files (e.g. ~/.zshrc, ~/.bashrc) and read shell history (~/.zsh_history, ~/.bash_history). Sourcing init files executes whatever is in them; reading history and command outputs may surface secrets. These behaviors extend beyond simple command detection and create sensitive read/execute surface that users should expect but be cautious about.
Install Mechanism
No installer or remote downloads; this is an instruction+code bundle that runs locally. That lowers supply-chain risk because nothing is fetched at install time.
Credentials
The skill requests no explicit credentials, but it inherits process.env and deliberately sources shell init files to obtain PATH and env vars, and it reads shell history files. Those actions are plausible for running user commands, but they give the skill access to sensitive local data (history, env vars, and any code executed during sourcing). The skill also logs commands and outputs (per README/SKILL.md), which may record secrets.
Persistence & Privilege
always:false (good), but the skill can be invoked autonomously by the agent (default). Combined with the ability to execute arbitrary shell commands and to source init files / read histories / open terminals, this gives a high blast radius if misclassification or malicious inputs occur. The skill does not modify other skills or system configs, but its execution privileges are powerful.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install terminal-killer
  3. After installation, invoke the skill by name or use /terminal-killer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
  - Updated documentation in README.md for improved clarity and detail.
  - Updated metadata in clawhub.json.
  - No changes to core detection logic or execution rules.
v1.1.0
v1.1.0: 1) Faithful command execution, 2) Interactive shell detection, 3) Long output handling
v1.0.0
Initial release: Smart command detector with cross-platform support
Metadata
Slug terminal-killer
Version 1.2.0
License
All-time Installs 4
Active Installs 4
Total Versions 3
Frequently Asked Questions

What is Terminal Killer?

Intelligent shell command detector and executor for OpenClaw. Automatically identifies terminal commands (system builtins, $PATH executables, history matches... It is an AI Agent Skill for Claude Code / OpenClaw, with 841 downloads so far.

How do I install Terminal Killer?

Run "/install terminal-killer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Terminal Killer free?

Yes, Terminal Killer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Terminal Killer support?

Terminal Killer is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Terminal Killer?

It is built and maintained by cosperypf (@cosperypf); the current version is v1.2.0.
