Downloads: 8867
Stars: 8
Active Installs: 121
Versions: 10
Install in OpenClaw
/install safe-exec
Description
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Usage Guidance
Install only if you are comfortable letting this skill execute shell commands with your user privileges. Keep SAFE_EXEC_AUTO_CONFIRM and OPENCLAW_AGENT_CALL bypass flows off for untrusted workflows, do not rely on the audit log as tamper-proof, avoid passing secrets in prompts/context, and use OS/container sandboxing for destructive or privileged command work.
Capability Analysis
Type: OpenClaw Skill
Name: safe-exec
Version: 0.3.4
The 'safe-exec' skill is presented as a security tool to intercept and require approval for dangerous shell commands executed by an AI agent. Its documentation (SKILL.md, READMEs, CLAWDHUB_SECURITY_RESPONSE.md) explicitly states no network calls, monitoring, or credential requirements, and the developer has actively removed previously problematic features. However, the core scripts (`scripts/safe-exec.sh` and `scripts/safe-exec-approve.sh`) use `eval "$COMMAND"` to execute commands. This is a critical shell injection vulnerability, as a sophisticated attacker could potentially bypass the risk assessment regexes or manipulate the command string to achieve arbitrary code execution, even for commands deemed 'low' risk or after user approval. Despite the clear intent to provide a security layer, this significant RCE risk makes the skill suspicious.
Capability Assessment
Purpose & Capability
The purpose is coherent: a local shell-command risk checker with pending approvals and audit logs. The concern is that the security boundary is weaker than the approval-tool framing: approved, low-risk, disabled, and context-downgraded paths all execute raw shell strings with eval.
Instruction Scope
The documentation discloses agent-mode bypasses, but also says commands wait for explicit confirmation. Broad enable/install phrases and free-form context keywords make the activation and approval scope too loose for a tool that gates destructive commands.
Install Mechanism
Installation is a disclosed GitHub clone plus executable scripts and optional PATH symlinks. I found no hidden installer, credential request, or runtime network behavior beyond the declared clone source.
Credentials
The declared local writes fit the purpose, and no network or credential use was found. However, environment variables can disable protections or skip confirmation, and SAFEXEC_CONTEXT can be used to downgrade risk and may be logged with user context.
Persistence & Privilege
The skill stores pending requests, rules, and audit logs under ~/.openclaw and runs commands with the user's shell privileges. There is no background daemon in the inspected artifacts, but the approval helper can execute queued commands non-interactively.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install safe-exec
- After installation, invoke the skill by name or use /safe-exec
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.4
fix: Fix YAML metadata format to meet ClawHub requirements
v0.3.3
Security enhancement
v0.3.2
Add backward compatibility symlinks and improved documentation. Project restructuring with zero breaking changes - all existing users can upgrade without any modifications. New conversational installation method added.
v0.3.1
Remove markdown formatting from description, ensure English-only text
v0.3.0
Add quick install guide and GitHub issue link in description
v0.2.8
Clarify platform-agnostic design - works via in-session terminal notifications, independent of communication tools
v0.2.7
Fully English documentation with global enable mode (Enable SafeExec)
v0.2.6
Update usage to global enable mode (开启 SafeExec, i.e. "Enable SafeExec") instead of per-command execution
v0.2.5
Update documentation to English with conversational usage examples
v0.2.4
Fix non-interactive environment hang issue
Frequently Asked Questions
What is Safe Exec?
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen... It is an AI Agent Skill for Claude Code / OpenClaw, with 8867 downloads so far.
How do I install Safe Exec?
Run "/install safe-exec" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Safe Exec free?
Yes, Safe Exec is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Safe Exec support?
Safe Exec is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Safe Exec?
It is built and maintained by OTTTTTO (@ottttto); the current version is v0.3.4.