safe-shell-execution-claude-code

by lizlzzzz · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads 87
Stars 0
Active Installs 0
Versions 1
Install in OpenClaw
/install safe-shell-execution-claude-code
Description
Perform layered safety checks on shell commands: detect injections, warn before destructive ops, protect sensitive paths, and require confirmations before ex...
Usage Guidance
This skill is low-install-risk (instruction-only) and does aim to do something useful, but its rules are currently too blunt and ambiguous to trust without clarification. Before installing or relying on it:
  1. Ask the author to justify and narrow any outright 'reject' rules (in particular the '${}'/parameter-expansion rejection) and to provide exact patterns or a proper shell parser approach rather than plain substring matches.
  2. Request evidence for the provenance claim (what was copied from ~/.claude and why), or remove it.
  3. Ask how confirmations are presented, logged, and how false positives are handled.
  4. Test the rules in a safe sandbox to see how often benign commands are blocked and whether required confirmations are usable.
If you cannot get clear answers or implementation details, treat the skill as brittle and avoid depending on it for production safety.
Capability Analysis
Type: OpenClaw Skill
Name: safe-shell-execution-claude-code
Version: 1.0.0
The skill bundle provides a comprehensive set of safety instructions for AI agents to validate shell commands before execution. It implements layered security checks including shell injection detection (e.g., command substitution, Zsh-specific expansions), warnings for destructive operations (e.g., rm -rf, git reset), and protection for sensitive files (e.g., ~/.ssh, shell configs). The content in SKILL.md is purely defensive and aligns with its stated purpose of preventing accidental or malicious system damage.
Capability Assessment
Purpose & Capability
The name/description match the SKILL.md: it's an instruction-only safety wrapper for shell execution. However the SKILL.md claims provenance from Claude Code and that internal files live in ~/.claude — a provenance claim that is unverifiable and unnecessary for the skill to function. That mismatch should be questioned but doesn't by itself break the purpose alignment.
Instruction Scope
The instructions are prescriptive but also technically overbroad and ambiguous. Examples: Layer 1 lists '${}' (parameter expansion) and other common shell constructs as patterns to 'reject directly' — this would block many benign, normal commands (e.g., echo ${HOME}, PATH manipulations). The guidance lacks a precise parsing strategy (how to detect writes vs reads, redirections, quoted expansions, or environment-variable-based paths), and does not specify exact regexes or a safe implementation approach. It also requires interactive confirmations but gives no guidance on how confirmations are surfaced/recorded. These make the instructions hard to implement correctly and could cause frequent false positives or surprising refusals.
Install Mechanism
Instruction-only skill with no install spec, no executable downloads, and no code files — minimal installation risk and nothing is written to disk by the skill itself.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The sensitive-path list is reasonable as items to protect, but the skill does not ask for access to them. The provenance claim about reading ~/.claude is uncorroborated and should be treated skeptically.
Persistence & Privilege
always is false and there is no install-time persistence requested. The skill can be invoked autonomously (platform default) which is expected for a runtime safety helper; that by itself is not a red flag. There is no request to modify other skills or system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install safe-shell-execution-claude-code
  3. After installation, invoke the skill by name or use /safe-shell-execution-claude-code
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of safe-shell-execution skill extracted from Claude Code production security patterns.
  - Adds multi-layered safety for any shell execution request: detects injections, warns on destructive ops, and protects sensitive files.
  - Detects and blocks command substitution, Zsh-specific attack surfaces, and other injection patterns before execution.
  - Displays explicit warnings and requires confirmation for destructive git and filesystem operations.
  - Enforces confirmation for write access to shell configs, credentials, or system-critical files.
  - Provides clear classification and handling of commands (safe, caution, warning, reject) with step-by-step flow.
  - Rejects unsafe commands with detailed reasons for user clarity.
Metadata
Slug safe-shell-execution-claude-code
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is safe-shell-execution-claude-code?

Perform layered safety checks on shell commands: detect injections, warn before destructive ops, protect sensitive paths, and require confirmations before ex... It is an AI Agent Skill for Claude Code / OpenClaw, with 87 downloads so far.

How do I install safe-shell-execution-claude-code?

Run "/install safe-shell-execution-claude-code" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is safe-shell-execution-claude-code free?

Yes, safe-shell-execution-claude-code is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does safe-shell-execution-claude-code support?

safe-shell-execution-claude-code is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created safe-shell-execution-claude-code?

It is built and maintained by lizlzzzz (@lizlzzzz); the current version is v1.0.0.
