← Back to Skills Marketplace
sf0799

Shell Safe Exec

by sf0799 · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ✓ Security Clean
193
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install shell-safe-exec
Description
Safely run project-local build, test, lint, format, type-check, and install commands with strict restrictions to prevent destructive or system-wide effects.
Usage Guidance
This skill is internally consistent and lightweight, but it is instruction-only — its safety guarantees depend on the agent and host sandbox actually enforcing the rules. Before using: (1) Confirm the agent runtime enforces workspace isolation and cannot access files outside the repo or escalate privileges. (2) Be cautious when installing dependencies: package registries and package install scripts can execute arbitrary code (supply-chain risk). (3) Prefer invoking this skill with explicit, pinned commands rather than open-ended requests (avoid "run whatever tests are needed"). (4) Do not provide secrets or sensitive host config in the workspace. (5) If possible, run first on a disposable/CI container to validate behavior and logs.
Capability Analysis
Type: OpenClaw Skill Name: shell-safe-exec Version: 0.1.0 The skill bundle 'shell-safe-exec' provides defensive instructions for an AI agent to perform project-related shell tasks like building, testing, and linting. The instructions in SKILL.md and agents/openai.yaml explicitly forbid destructive operations, privilege escalation, and network scanning, while emphasizing the need to treat user input as untrusted to prevent command injection. No malicious code, exfiltration logic, or suspicious behaviors were identified.
Capability Assessment
Purpose & Capability
The name/description (safe, repo-local exec for build/test/lint/install) matches the SKILL.md. The skill declares no binaries, env vars, or installs that would be unrelated to its stated purpose.
Instruction Scope
The SKILL.md explicitly forbids destructive/system-wide actions, limits commands to the project workspace, and instructs treating user inputs as untrusted. However, enforcement is entirely procedural (relies on the agent following rules) and contains some subjective phrasing (e.g., "when the task can be completed without risky system operations"). The doc also permits installing dependencies via the project's package manager, which necessarily involves network access to registries and running package scripts — an expected but real supply-chain risk that the instructions do not further constrain.
Install Mechanism
No install spec and no code files — instruction-only skill. This is the lowest-risk install model because nothing is written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested; nothing appears disproportionate to the stated purpose.
Persistence & Privilege
always is false. The included agents/openai.yaml sets allow_implicit_invocation: false, reducing risk of implicit/autonomous invocation. The skill does not request persistent system presence or modify other skills.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install shell-safe-exec
  3. After installation, invoke the skill by name or use /shell-safe-exec
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
initial release
Metadata
Slug shell-safe-exec
Version 0.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Shell Safe Exec?

Safely run project-local build, test, lint, format, type-check, and install commands with strict restrictions to prevent destructive or system-wide effects. It is an AI Agent Skill for Claude Code / OpenClaw, with 193 downloads so far.

How do I install Shell Safe Exec?

Run "/install shell-safe-exec" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Shell Safe Exec free?

Yes, Shell Safe Exec is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Shell Safe Exec support?

Shell Safe Exec is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Shell Safe Exec?

It is built and maintained by sf0799 (@sf0799); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments