
Python Use Agent

by JIRBOY · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
145 Downloads
0 Stars
0 Active Installs
1 Versions
Install in OpenClaw
/install python-use-agent
Description
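Intelligently executes Python tasks described by the user, automatically generating and running code and reporting the results; no extra configuration is needed, and legacy command usage remains supported.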
Usage Guidance
This skill implements what it claims (AI-driven Python execution) but there is a meaningful implementation mismatch: config.json and executor.py describe sandboxing and safety checks, yet index.js directly writes a temp .py file and runs it with child_process.exec without applying those checks or honoring sandbox settings. That allows arbitrary Python to run with whatever environment and filesystem access the agent process has. Before installing or using the skill, consider:
  1. Do not pass secrets or sensitive file paths as 'context' or task text — executed code could read environment variables and files.
  2. Prefer running this skill only in an isolated environment (container or VM) or with network/file-system access disabled.
  3. Ask the author/maintainer whether index.js should call the Python executor (which would apply safety checks) or whether sandbox enforcement will be added; request explicit runtime enforcement of blocked imports/patterns and network/file-system restrictions.
  4. If you must use it in a sensitive environment, review and modify index.js to enforce config.json security settings or route execution through a verified sandbox.
If you cannot get these assurances, treat the skill as risky and avoid supplying any credentials or private data to it.
Capability Analysis
Type: OpenClaw Skill
Name: python-use-agent
Version: 1.0.0
The skill is designed to generate and execute arbitrary Python code based on AI prompts, which is an inherent Remote Code Execution (RCE) risk. While it includes basic security configurations and safety checks (e.g., `_check_safety` in `executor.py` and `blocked_imports` in `config.json`), the execution mechanism in `index.js` uses `child_process.exec` on temporary files without a robust, hardened sandbox. There is no evidence of intentional malice or data exfiltration, but the broad execution capabilities and the 'No Agents, Code is Agent' philosophy present a significant attack surface if the AI is prompted to generate harmful code.
Capability Assessment
Purpose & Capability
The name/description ('Python Use Agent') align with the included files: the package provides mechanisms to generate, review, and execute Python code. Requiring no external credentials and no special binaries is reasonable for this purpose. However, config.json declares sandboxing and allowed/blocked imports and executor.py contains safety-check placeholders, while index.js implements direct execution of Python code via child_process.exec without invoking those safety checks — an implementation mismatch that weakens the claimed protections.
Instruction Scope
SKILL.md describes task->generate->execute workflow and notes sandboxing, but it does not instruct agents to avoid sending secrets or system data into generated code. executor.py contains _check_safety and other safety stubs, but index.js's executePython writes the code to a temp file and runs `python <file>` directly, with no pre-execution filtering, no blocking of dangerous patterns, and no enforcement of the config.json security settings. That means the agent can execute arbitrary Python that may read files, environment variables, or use network I/O — scope creep relative to the plain skill description.
Install Mechanism
No install spec (instruction-only with shipped code) — lowest install risk. package.json lists no dependencies and peerDependencies requiring Python; nothing is downloaded at install time and no external URLs are used.
Credentials
The skill declares no required environment variables (reasonable), but runtime behavior allows executed Python code to access the agent's environment and filesystem. config.json lists allowed_imports including 'os' and 'pathlib' and allows network in execution config, yet blocked_imports are strings rather than enforced rules. Because index.js executes Python directly (without enforcing blocked patterns or a sandbox), the skill can inadvertently expose environment variables or local files to executed code. The skill's own metadata does not request credentials, but runtime code could access any env var present — this is disproportionate unless the environment is trusted and isolated.
Persistence & Privilege
always:false and no special OS restrictions. The skill does create ./python-use-results and writes temp files there, but it does not attempt to modify other skills or system-wide agent settings. It does not request persistent elevated privileges in its metadata.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install python-use-agent
  3. After installation, invoke the skill by name or use /python-use-agent
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Deprecated and integrated this skill into the unified "code" skill entry point for Python tasks.
- Maintained for backward compatibility; all tasks are auto-forwarded to the new entry.
- Updated documentation to recommend using `code python [task]` for all future tasks.
- Provided migration guide and clarified that no further configuration is needed.
Metadata
Slug python-use-agent
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Python Use Agent?

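Intelligently executes Python tasks described by the user, automatically generating and running code and reporting the results; no extra configuration is needed, and legacy command usage remains supported. It is an AI Agent Skill for Claude Code / OpenClaw, with 145 downloads so far.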

How do I install Python Use Agent?

Run "/install python-use-agent" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Python Use Agent free?

Yes, Python Use Agent is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Python Use Agent support?

Python Use Agent is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Python Use Agent?

It is built and maintained by JIRBOY (@jirboy); the current version is v1.0.0.
