← Back to Skills Marketplace
miguelguerra200022-sudo

Code Executor

by Miguel Guerra · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1702
Downloads
0
Stars
13
Active Installs
1
Versions
Install in OpenClaw
/install code-executor
Description
Ejecuta código Python, JavaScript, Bash dinámicamente. El bot puede crear y ejecutar código al vuelo.
README (SKILL.md)

Code Executor (Ejecutor de Código) 🔥

PODER INFINITO. El bot puede escribir y ejecutar código para resolver cualquier problema.

¿Qué Hace?

Si el bot necesita hacer algo que no tiene una skill:

  1. Escribe el código necesario
  2. Lo ejecuta en un sandbox
  3. Retorna el resultado

Comandos

# Ejecutar código directamente
run python "print('Hello World')"
run js "console.log(2+2)"
run bash "ls -la"

# Ejecutar archivo
run ~/script.py
execute ~/automation.js

# El bot decide qué código escribir
solve "calcula el factorial de 100"
compute "genera 10 números primos"

Ejemplo Real

Usuario: calcula cuántos días faltan para mi cumpleaños (15 de marzo)

Bot: ⚡ Necesito calcular esto...

     📝 Código generado:
     ```python
     from datetime import date
     
     today = date.today()
     birthday = date(today.year, 3, 15)
     
     if birthday \x3C today:
         birthday = date(today.year + 1, 3, 15)
     
     days = (birthday - today).days
     print(f"Faltan {days} días para tu cumpleaños")
     ```
     
     ⚡ Ejecutando...
     
     ✅ Resultado:
     Faltan 40 días para tu cumpleaños (15 de marzo, 2026)

Resolución de Problemas

Usuario: necesito renombrar 500 archivos agregando la fecha

Bot: ⚡ Generando script...

     ```python
     import os
     from datetime import datetime
     
     folder = "/ruta/a/archivos"
     date_str = datetime.now().strftime("%Y%m%d")
     
     for filename in os.listdir(folder):
         name, ext = os.path.splitext(filename)
         new_name = f"{date_str}_{name}{ext}"
         os.rename(
             os.path.join(folder, filename),
             os.path.join(folder, new_name)
         )
         print(f"Renamed: {filename} -> {new_name}")
     ```
     
     ⚠️ Este script renombrará 500 archivos.
     ¿Ejecutar? [Sí] [Ver preview] [Cancelar]

Lenguajes Soportados

Lenguaje Runtime
Python python3
JavaScript node
TypeScript ts-node
Bash bash/sh
SQL sqlite3

Modo Interactivo

Usuario: abre un REPL de Python

Bot: ⚡ Python REPL iniciado:

     >>> 
     
Usuario: import math; math.pi

Bot: >>> import math; math.pi
     3.141592653589793
     
Usuario: exit

Bot: ⚡ REPL cerrado

Instalación de Dependencias

Usuario: necesito usar pandas para analizar este CSV

Bot: ⚡ pandas no está instalado
     
     ¿Instalar pandas? [Sí] [No]

Usuario: sí

Bot: ⚡ pip install pandas
     ✅ pandas instalado
     
     Continuando con el análisis...

Seguridad

CODE_SANDBOX=true           # Ejecutar en sandbox
CODE_TIMEOUT=30             # Timeout en segundos
CODE_ALLOW_NETWORK=false    # Bloquear red por defecto
CODE_ALLOW_FILESYSTEM=read  # Solo lectura por defecto
CODE_REQUIRE_CONFIRM=true   # Confirmar antes de ejecutar

Casos de Uso

  1. Cálculos complejos que no tiene ninguna skill
  2. Transformación de datos personalizada
  3. Automatizaciones únicas que no ameritan una skill
  4. Prototipado rápido de soluciones
  5. Debugging y testing
Usage Guidance
This skill legitimately does what it says (generate and run code), but that ability is powerful and risky unless the platform enforces a real sandbox. Before installing: (1) Confirm your platform will enforce CODE_SANDBOX, CODE_TIMEOUT, CODE_ALLOW_NETWORK, CODE_ALLOW_FILESYSTEM and not just rely on the skill's text; (2) Require the skill to always ask for explicit user confirmation before executing scripts that modify files or install packages; (3) Block network access by default and only enable it for trusted, short-lived tasks; (4) Avoid granting it autonomous invocation if you don't want it to run code without a user-in-the-loop; (5) If you must use it, run it in an isolated test environment first and audit logs for executed commands and installed packages. The skill's mention of sandbox controls without declaring them in metadata is an inconsistency worth clarifying with the publisher.
Capability Analysis
Type: OpenClaw Skill Name: code-executor Version: 1.0.0 This skill bundle is designed for dynamic code execution across multiple languages (Python, JavaScript, Bash, SQL), which is inherently high-risk. Key suspicious capabilities include direct Bash command execution (`run bash "ls -la"`), the ability to install arbitrary dependencies (`pip install pandas`), and file system interaction (e.g., `os.rename` in the 'Resolución de Problemas' example). While the `SKILL.md` explicitly states security controls like `CODE_SANDBOX=true`, `CODE_ALLOW_NETWORK=false`, and `CODE_ALLOW_FILESYSTEM=read`, the effectiveness of these platform-level controls is external to this analysis. Furthermore, the `os.rename` example contradicts the stated `CODE_ALLOW_FILESYSTEM=read` default, raising concerns about potential file write access. The ability to install arbitrary packages via `pip` presents a significant supply chain risk.
Capability Assessment
Purpose & Capability
The name/description (dynamic code execution in Python/JS/Bash) matches the SKILL.md: it describes generating code, running files, REPLs, and installing runtime deps. That capability legitimately needs access to language runtimes and possibly the filesystem for file-based scripts. However, the SKILL.md references runtime guards (CODE_SANDBOX, CODE_ALLOW_NETWORK, etc.) that are not declared in the registry metadata, which is an inconsistency.
Instruction Scope
Instructions explicitly tell the agent to generate and execute arbitrary code, run scripts from home paths (e.g., run ~/script.py), rename files under arbitrary folders, and install packages with pip. These actions involve reading/writing the local filesystem, executing arbitrary processes, and pulling code from package registries — all high-scope operations. The doc says network access is blocked by default but can be toggled, and confirmations are suggested but not enforced by any declared mechanism.
Install Mechanism
There is no install spec (instruction-only skill), which minimizes disk infection risk from an installer. However, the runtime instructions permit the agent to run package managers (pip, ts-node/npm, sqlite3) to install dependencies at runtime — this allows arbitrary third-party code from package registries to be installed and executed, which is a moderate operational risk if not sandboxed.
Credentials
The SKILL.md enumerates environment controls (CODE_SANDBOX, CODE_TIMEOUT, CODE_ALLOW_NETWORK, CODE_ALLOW_FILESYSTEM, CODE_REQUIRE_CONFIRM) but the skill metadata lists no required env vars or primary credential. That mismatch means the skill expects platform-level env controls that are not declared here; it's unclear who enforces them. The skill itself can read files and run commands without declaring any permission boundaries.
Persistence & Privilege
always:false (normal). The skill is user-invocable and allows model invocation, which is standard. Still, because it enables autonomous code execution, giving it unrestricted autonomous invocation would increase risk — consider restricting autonomous use or requiring explicit user confirmation for all code runs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install code-executor
  3. After installation, invoke the skill by name or use /code-executor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Primera versión publicada de “code-executor”. - Permite al bot crear, ejecutar y mostrar código Python, JavaScript, Bash, TypeScript y SQL de forma dinámica. - Soporta comandos directos como run/execute con scripts o código en línea. - Incluye modo interactivo tipo REPL y gestión de dependencias. - Incorpora medidas de seguridad (sandbox, timeout, bloqueo de red, permisos de filesystem). - Útil para cálculos complejos, automatizaciones y prototipado rápido.
Metadata
Slug code-executor
Version 1.0.0
License
All-time Installs 15
Active Installs 13
Total Versions 1
Frequently Asked Questions

What is Code Executor?

Ejecuta código Python, JavaScript, Bash dinámicamente. El bot puede crear y ejecutar código al vuelo. It is an AI Agent Skill for Claude Code / OpenClaw, with 1702 downloads so far.

How do I install Code Executor?

Run "/install code-executor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Code Executor free?

Yes, Code Executor is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Code Executor support?

Code Executor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Code Executor?

It is built and maintained by Miguel Guerra (@miguelguerra200022-sudo); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments