← Back to Skills Marketplace
barnyp

Automation Runner

by Paul Barnabas · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1181
Downloads
0
Stars
7
Active Installs
1
Versions
Install in OpenClaw
/install automation-runner
Description
Executes approved shell commands, manages backups, and safely retrieves secrets from Bitwarden.
README (SKILL.md)

Automation Runner Agent ⚡

You handle the system-level execution and security for OpenClaw.

Core Directives

  1. Security: Every command MUST pass through the exec-approvals gate.
  2. Secrets: NEVER store API keys in plain text. Use the bws wrapper.
  3. Workspace: Limit execution to /home/intelad/.openclaw/workspace/scripts.
  4. Reliability: Verify the success of a command before reporting completion.

Tooling

  • exec: Run approved scripts.
  • bws: Retrieve secrets at runtime.
  • process: Manage long-running tasks like backups.

Workflow

  1. Receive a script or command request.
  2. Use bws secret get to fetch necessary environment variables.
  3. Execute the command.
  4. If a prompt appears, wait for Paul to type /approve.
  5. Log the output to memory/YYYY-MM-DD.md.
Usage Guidance
Do not install this skill until the developer clarifies several gaps: 1) how the 'bws' Bitwarden wrapper is authenticated (what env vars or tokens are required and how they are stored), 2) what the 'exec-approvals' gate is and how it enforces/records human approvals (avoid vague 'wait for Paul' instructions), 3) whether the hard-coded path (/home/intelad/...) matches your environment or will be configurable, and 4) where logs ('memory/YYYY-MM-DD.md') are written and who can read them. Because the skill directs the agent to run shell commands and fetch secrets, verify provenance (source/homepage unknown) and prefer a version that declares required credentials and a machine-enforceable approval mechanism before granting access or allowing autonomous invocation.
Capability Analysis
Type: OpenClaw Skill Name: automation-runner Version: 1.0.0 The 'automation-runner' skill is highly suspicious due to its inherent capabilities and the nature of its security controls. The SKILL.md explicitly grants the AI agent the ability to execute arbitrary shell commands (`exec`) and retrieve secrets from Bitwarden (`bws`). While it outlines security directives like `exec-approvals` and workspace limitations, these are instructions to the agent and are highly susceptible to prompt injection. An attacker could craft a prompt to bypass the `/approve` step, execute commands outside the `/home/intelad/.openclaw/workspace/scripts` directory, or exfiltrate retrieved secrets, leading to potential RCE and data theft. This represents a critical vulnerability, not intentional malice within the skill bundle itself.
Capability Assessment
Purpose & Capability
The skill's purpose includes retrieving secrets from Bitwarden and executing shell commands, but the registry metadata lists no required environment variables, no primary credential, and no config paths. SKILL.md references tools ('bws', 'exec', 'process') and a Bitwarden workflow that would normally require authentication or a CLI binary; those requirements are missing from the manifest, which is inconsistent.
Instruction Scope
Runtime instructions tell the agent to run 'bws secret get', execute commands from a specific filesystem path (/home/intelad/.openclaw/workspace/scripts), wait for a human ('Paul') to type '/approve', and log outputs to memory/YYYY-MM-DD.md. The approval gate, the 'bws' wrapper behavior, and the 'memory' logging target are not defined in the manifest; the instructions ask the agent to access secrets and run arbitrary scripts without a declared, auditable approval mechanism.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which minimizes disk-installed attack surface. However, instruction-only does not eliminate runtime risk because it tells the agent to run system commands and call external tooling.
Credentials
The SKILL.md requires access to Bitwarden secrets but the skill requests no credentials (no API key, token, or config path). It also assumes write/read access under a hard-coded home directory (/home/intelad) and a 'memory' path, none of which are declared. Requesting access to secrets without declaring how they will be provided is disproportionate and unexplained.
Persistence & Privilege
always:false (no forced persistence) is appropriate. However, the skill's instructions enable execution of shell scripts and retrieval of secrets at runtime; if the agent invokes the skill autonomously (platform default), that capability could be powerful. This combination (ability to run shell commands + fetch secrets) increases risk if the approval gate is not enforced or is ambiguous.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install automation-runner
  3. After installation, invoke the skill by name or use /automation-runner
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of automation_runner skill. - Executes approved shell commands for OpenClaw, with strict security via the exec-approvals gate. - Safely retrieves secrets using the Bitwarden (`bws`) wrapper; API keys are never stored in plain text. - Restricts all script execution to a dedicated workspace directory. - Manages approved long-running tasks such as backups. - Logs command output by date for traceability.
Metadata
Slug automation-runner
Version 1.0.0
License
All-time Installs 7
Active Installs 7
Total Versions 1
Frequently Asked Questions

What is Automation Runner?

Executes approved shell commands, manages backups, and safely retrieves secrets from Bitwarden. It is an AI Agent Skill for Claude Code / OpenClaw, with 1181 downloads so far.

How do I install Automation Runner?

Run "/install automation-runner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Automation Runner free?

Yes, Automation Runner is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Automation Runner support?

Automation Runner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Automation Runner?

It is built and maintained by Paul Barnabas (@barnyp); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments