Skill Runner

by xpneuma · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
116 Downloads
0 Stars
1 Active Installs
1 Versions
Install in OpenClaw
/install skill-runner
Description
Enables secure execution of specified OpenClaw skills via cron jobs by forwarding agentTurn messages and passing the necessary context.
Usage Guidance
This skill can run other local skills by importing their index.js and passing them the runner's full context. Before installing, consider:
  1. The code hard-codes /home/bosunjung/... — confirm that path is correct for your environment or request that the author make the base path configurable.
  2. The message payload ("run <skill-name>") is not sanitized or allowlisted — an attacker who can send cron payloads or agentTurn messages could request 'run ../../some/path' and cause arbitrary local file execution. Require an allowlist of permitted skill names or validate against a strict pattern (e.g., /^[a-z0-9_-]+$/).
  3. The runner forwards its full context (tools, sessions) to the invoked skill — limit the context or use capability-scoped proxies so untrusted skills can't access more than they need.
  4. Run this skill as a least-privileged user and ensure the runtime cannot read sensitive files from the filesystem; avoid running as root.
  5. Ask the author to remove the hard-coded username path, add input sanitization, implement an allowlist, and document exactly which capabilities are passed to invoked skills.
If you cannot confirm these changes, consider this skill risky and avoid installing it on production or multi-tenant systems.
Capability Analysis
Type: OpenClaw Skill
Name: skill-runner
Version: 1.0.0
The skill implements dynamic code execution by importing and running arbitrary JavaScript files based on user-provided input in index.js. It is highly vulnerable to path traversal because the 'skillToRun' parameter is not sanitized before being used to construct a file path, allowing potential execution of any 'index.js' file on the filesystem. While the stated purpose is to facilitate cron jobs, the combination of dynamic imports, lack of input validation, and a hardcoded absolute path (/home/bosunjung/) represents a significant security risk.
Capability Assessment
Purpose & Capability
The skill's goal (invoke another skill's exported skill() function with the same context) is consistent with its name and description, but the implementation uses a hard-coded absolute path (/home/bosunjung/.openclaw/workspace/skills) and will attempt to import arbitrary files. The hard-coded username path is unexpected and likely incorrect for most installations. Allowing arbitrary skill names to resolve to filesystem paths is broader than the description implies.
Instruction Scope
SKILL.md promises a 'secure' proxy that passes a context object to a target skill. The code indeed forwards the full context to the imported skill, but there is no validation, allowlist, or sanitization of the requested skill name. This enables directory traversal (e.g., '../') and arbitrary local module execution, and it grants the target skill the same tools/privileges the runner has — behavior that is potentially dangerous and not mitigated by the instructions.
Install Mechanism
No install spec and no external downloads are present; the skill is instruction/code-only. That minimizes supply-chain install risk. The included index.js should still be reviewed and audited before use.
Credentials
The skill declares no environment variables or credentials (which is proportionate). However, it accesses the host filesystem at an absolute path and dynamically imports local modules; filesystem access is implicit and broad. The hard-coded path is suspicious and may expose unintended files if the runtime user has wide filesystem permissions.
Persistence & Privilege
always is false and the skill doesn't request special platform privileges. However, because it can be invoked (cron payloads or other agentTurn messages) to execute arbitrary local code and passes its own context into that code, it effectively widens the blast radius of any skill that can be invoked through it. That makes message-source validation and allowlisting important.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-runner
  3. After installation, invoke the skill by name or use /skill-runner
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Skill Runner – a tool to trigger other OpenClaw skills via scheduled or indirect invocation.
  - Enables secure, dynamic execution of skill functions based on incoming messages.
  - Passes full context (tools, session) to the target skill.
  - Designed for use with cron jobs or similar agentTurn triggers.
  - Standard message-based interface (e.g., run <skill-name>).
Metadata
Slug skill-runner
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Skill Runner?

Enables secure execution of specified OpenClaw skills via cron jobs by forwarding agentTurn messages and passing the necessary context. It is an AI Agent Skill for Claude Code / OpenClaw, with 116 downloads so far.

How do I install Skill Runner?

Run "/install skill-runner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Runner free?

Yes, Skill Runner is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Runner support?

Skill Runner is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Skill Runner?

It is built and maintained by xpneuma (@xpneuma); the current version is v1.0.0.
