Safe Exec 0.3.2

Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agents need to execute shell commands that may be dangerous (rm -rf, dd, fork bombs, system directory modifications) or require human oversight. Provides multi-level risk assessment (CRITICAL/HIGH/MEDIUM/LOW), in-session notifications, pending request management, and non-interactive environment support for agent automation.

Things to check before installing: - Source authenticity: SKILL.md and READMEs reference a GitHub repo (OTTTTTO/safe-exec) but the registry shows 'Source: unknown' and no homepage. Verify the canonical repository URL and the publisher identity before installing. - Read the scripts (especially scripts/safe-exec.sh and scripts/safe-exec-ai-wrapper.sh): the package is script-based — inspect what it writes to ~/.openclaw/, what commands it executes, and whether it modifies shell startup files or PATH/symlinks. - Understand how 'automatic monitoring' is implemented: the skill claims to intercept all shell commands. Confirm whether it requires modifying shell rc files, replacing executables, adding wrappers to PATH, or editing OpenClaw config. Any of those actions change system behavior and should be allowed only with explicit user consent. - Non-interactive/agent behavior: changelog and docs say agent (non-interactive) calls can bypass human confirmation (OPENCLAW_AGENT_CALL). If you expect agents to be constrained, this default bypass undermines protection — review and test the non-interactive logic. - External integrations and credentials: unified-monitor and notification docs mention Feishu and GitHub and reading OpenClaw session contents. Determine if the code will use existing OpenClaw CLI credentials or ask for tokens. If the skill can read agent session content, that may expose sensitive conversations — only install if you trust the skill and its maintainer. - Test in a sandbox first: try installing in an isolated environment or container, exercise interception/approval flows, and verify audit logs and cleanup behavior. - Audit log permissions: audit logs store executed commands; ensure log files have appropriate file permissions and rotation to avoid leaking sensitive command contents. - Prefer manual install: rather than the one-click in-chat install, consider cloning the repository yourself, reviewing the code, and installing with explicit, audited steps. If you cannot confirm the publisher identity or cannot review the scripts, treat this skill as higher risk and avoid enabling it on production or sensitive machines.

Type: OpenClaw Skill Name: safe-exec-0-3-2 Version: 1.0.0 The skill is designed to provide safe command execution but contains risky capabilities. Specifically, the `safe-exec.sh` script uses `eval` to execute commands, which is a high-risk primitive. More critically, its 'context-aware' feature allows 'HIGH' and 'MEDIUM' risk commands to be downgraded to 'LOW' (and thus executed directly without explicit user approval) if specific confirmation keywords are present in the `SAFEXEC_CONTEXT` environment variable. This creates a significant prompt injection vector against the AI agent, enabling it to bypass intended safety checks for potentially harmful operations like `curl | bash` or system configuration changes, as detailed in `scripts/safe-exec.sh`.