← Back to Skills Marketplace

Exec Tool

Name: Exec Tool
Author: mayuran1096

by Mayuran Ys · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install exec-tool

Description

Securely executes predefined clawhub CLI commands within controlled OpenClaw workflows, preventing unsafe or arbitrary system operations.

README (SKILL.md)

Exec Tool (ClawHub Skill)

Overview

Exec Tool is a controlled system command execution skill designed for OpenClaw environments. It allows secure execution of predefined CLI commands from within ClawHub workflows.

This skill is intended for automation, debugging, and controlled system operations inside VPS environments.

Problem it solves

When working in server environments (such as Hostinger VPS deployments), users often need to trigger system-level commands from automation layers like Telegram bots or OpenClaw agents. This skill bridges that gap safely.

Core functionality

Executes only allowed system commands
Currently supports: clawhub CLI operations
Prevents arbitrary or unsafe command execution
Returns trimmed output for chat interfaces (e.g., Telegram)

Security model

This skill is intentionally restricted:

Only whitelisted commands are executed
Prevents destructive operations (rm, sudo, etc.)
Designed for controlled automation environments

Example usage

Search skills

clawhub search "Google Workspace"

Install skill

clawhub install exec_tool

Integration use case

This skill is commonly used in:

Telegram bot automation
OpenClaw workflows
VPS management via chat interfaces
CI/CD command triggers

Notes

This skill is part of a controlled execution layer and should not be used for unrestricted shell access.

Usage Guidance

Do not install this on sensitive systems as-is. The skill's README promises safe execution but the code runs the provided string through the shell after only a prefix check, so an attacker or an accidental input like 'clawhub; rm -rf /' would execute additional commands. If you need this functionality, require one of the following before trusting it: (1) change implementation to use subprocess.run([...], shell=False) and parse/validate arguments, (2) restrict to an exact allowlist of full command patterns (not prefix checks), (3) perform strict argument validation/escaping, and (4) run it only in isolated, disposable environments. If the author can provide a patched version using safe subprocess invocation and a stronger whitelist (and show tests proving injection isn't possible), reassess. Otherwise treat this as unsafe for production or publicly accessible agents.

Capability Analysis

Type: OpenClaw Skill Name: exec-tool Version: 1.0.0 The skill contains a critical shell injection vulnerability in tool.py. While it attempts to restrict execution to a whitelist using a startswith check, it passes the raw command string directly to subprocess.getoutput(), allowing for command chaining (e.g., 'clawhub; curl ...'). This directly contradicts the security claims in SKILL.md regarding the prevention of arbitrary command execution.

Capability Assessment

⚠ Purpose & Capability

Name/description and code agree on purpose (execute clawhub CLI commands), so capability is plausible; however the security claims in SKILL.md (prevents destructive ops) are not enforced by the implementation, making the stated purpose and actual behavior inconsistent.

⚠ Instruction Scope

SKILL.md restricts execution to whitelisted commands and promises prevention of destructive operations. The runtime code accepts any string starting with 'clawhub' and calls subprocess.getoutput (shell), which allows shell operators and injection (e.g., 'clawhub; rm -rf /'), so instructions' safety constraints are effectively bypassed.

✓ Install Mechanism

No install spec (instruction-only with a small Python file). Nothing is downloaded or installed during setup, so there is low install-time risk.

✓ Credentials

The skill requests no environment variables, credentials, or config paths, which is proportionate for a CLI execution helper.

✓ Persistence & Privilege

The skill is not always-enabled and requests no elevated platform privileges. Autonomous invocation is allowed (platform default), which increases blast radius but is not itself unusual here.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install exec-tool
After installation, invoke the skill by name or use /exec-tool
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

- Initial release of Exec Tool for controlled command execution in OpenClaw environments. - Allows secure execution of approved `clawhub` CLI commands. - Enforces command whitelisting and blocks unsafe operations. - Designed for use cases like automation, debugging, and chat-based system management. - Output is trimmed for compatibility with interfaces such as Telegram.

Metadata

Slug exec-tool

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Exec Tool?

Securely executes predefined clawhub CLI commands within controlled OpenClaw workflows, preventing unsafe or arbitrary system operations. It is an AI Agent Skill for Claude Code / OpenClaw, with 84 downloads so far.

How do I install Exec Tool?

Run "/install exec-tool" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Exec Tool free?

Yes, Exec Tool is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Exec Tool support?

Exec Tool is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Exec Tool?

It is built and maintained by Mayuran Ys (@mayuran1096); the current version is v1.0.0.

More Skills