OpenExec — Deterministic Execution Boundary for Agent Systems
by trendinghot · v0.1.10
888 Downloads · 2 Stars · 5 Active Installs · 10 Versions
Install in OpenClaw
/install openexec-skill
Description
Source-distributed deterministic execution service with pinned dependencies. Runs only with a signed approval artifact (ClawShield mode) and emits verifiable...
Usage Guidance
This skill appears to implement what it claims. Consider the following before installing:
- Deploy behind a firewall or bind to localhost (the provided run script binds to 0.0.0.0, which exposes the service publicly).
- Protect any CLAWSHIELD_PUBLIC_KEY and CLAWSHIELD_TENANT_ID values and ensure you only set OPENEXEC_DB_URL to trusted DB endpoints (a remote DB will create outbound network I/O).
- Configure OPENEXEC_ALLOWED_ACTIONS to limit registered handlers in production and audit any additional handlers you add to the code.
- Run inside a container/VM and avoid running as root since registered handlers run with the process's privileges — the project explicitly states it is an application-layer boundary, not an OS sandbox.
- The repo includes test utilities that mint test keys; do not use test keys in production.
If you want higher assurance, review any handlers you add and work through an operational hardening checklist (network binding, TLS, logging/rotation, backups).
Capability Analysis
Type: OpenClaw Skill
Name: openexec-skill
Version: 0.1.10
The OpenExec skill bundle is designed as a security boundary for AI systems, enforcing deterministic execution, replay protection, and cryptographically signed approvals. The code implements these features robustly, using strong cryptography (Ed25519) and a static action registry. Documentation (SKILL.md, README.md, SECURITY.md) is highly transparent about its security model, limitations (e.g., no OS-level sandboxing), and operator responsibilities. There is no evidence of malicious intent, data exfiltration, backdoors, or prompt injection attempts against the AI agent. The skill's core purpose is to *govern* execution, not to perform unauthorized actions, and it explicitly avoids dynamic code loading or execution of user-supplied code.
Capability Assessment
Purpose & Capability
Name/description match the code and runtime instructions: the package implements a deterministic execution service, Ed25519 approval verification, replay protection, receipts, and a static action registry. There are no unrelated credentials, binaries, or surprising capabilities in the repo.
Instruction Scope
SKILL.md and README state 'no outbound HTTP/RPC during execution' and the code respects that (no network calls except optional DB via OPENEXEC_DB_URL). Note: the service exposes inbound HTTP endpoints (intended) and scripts/run.sh binds 0.0.0.0 (public) while docs recommend binding to localhost; operator should pay attention to binding and firewall configuration before deployment.
Install Mechanism
No installer in the registry metadata but the project is source-distributed with a requirements.txt and simple pip-based install steps. No downloads from untrusted URLs or archive extraction; dependencies are pinned in requirements.txt.
Credentials
No required secret environment variables; optional env vars (CLAWSHIELD_PUBLIC_KEY, CLAWSHIELD_TENANT_ID, OPENEXEC_ALLOWED_ACTIONS, OPENEXEC_DB_URL) are appropriate for the documented functionality. The code documents that OPENEXEC_DB_URL may enable outbound DB network I/O.
Persistence & Privilege
Skill writes execution records to a local SQLite DB by default (sqlite:///openexec.db) and stores receipts — expected for this service. always:false and no cross-skill configuration modifications. Operators must still isolate runtime (container/VM) and avoid running as root because handlers execute with host process privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install openexec-skill
- After installation, invoke the skill by name or use /openexec-skill
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.10
Summary: Security and documentation improvements; no runtime behavior changes.
- Added explicit statement of execution safety guarantees (no dynamic loading, no runtime downloads, no code eval) to SKILL.md.
- Enhanced SECURITY.md with clarified safety model and operator responsibilities.
- Documentation files updated to emphasize static handler registry and immutable runtime.
- No changes to service endpoints, environment variables, or execution logic.
v0.1.9
OpenExec 0.1.9 adds stricter supply chain controls and clarifies its offline, deterministic execution model.
- Adds a security disclaimer: "No runtime package installation or dynamic downloads occur. All dependencies must be source-distributed and pinned."
- Updates documentation (README.md, SKILL.md, replit.md) to emphasize source-based, immutable dependency handling and removal of any runtime pip usage.
- Clarifies that OpenExec performs fully offline verification and dependency management, further reducing supply chain risk.
- No changes to endpoints or runtime behavior.
v0.1.8
OpenExec v0.1.8
- Added SECURITY.md with security model, threat assumptions, and production hardening guidance.
- Updated documentation (README.md, SKILL.md, replit.md) to reference SECURITY.md and clarify security responsibilities.
- No breaking changes to execution logic or API endpoints.
v0.1.7
OpenExec 0.1.7
- Updated documentation in README.md, SKILL.md, and replit.md for clarity and usage guidance.
- No behavioral or API changes; execution logic and endpoints remain unchanged.
- Version bump to 0.1.7 for alignment with documentation updates.
- requirements.txt and main.py may include minor updates but no breaking changes.
v0.1.6
- Updated version to 0.1.6.
- Clarified skill does not perform outbound HTTP/RPC calls during execution (updated SKILL.md metadata).
- No functional or API changes; documentation improvements only.
v0.1.5
- Clarified that OpenExec makes no outbound HTTP, RPC, or governance calls during execution or verification; all checks are fully offline.
- Updated the description and documentation to note that outbound database network I/O occurs only if a networked DB is explicitly configured by the operator.
- Revised wording throughout to specify "no outbound HTTP or governance calls" instead of "no outbound network calls."
- No code or logic changes; documentation updates only.
v0.1.4
OpenExec v0.1.4
- Clarified that all verification and execution are fully offline, with no outbound network calls.
- Updated environment variable handling: all variables are now optional for demo mode and OPENEXEC_DB_URL was added for execution record persistence.
- Improved endpoint descriptions and health/status details.
- Expanded documentation on security boundaries and clarified operational modes.
- Updated governance integration notes, emphasizing separation of ClawShield SaaS.
v0.1.2
Initial public release with core governed execution features.
- Implements a deterministic execution engine with two modes: demo and ClawShield (signed approvals).
- Accepts only pre-approved actions and enforces replay protection (nonce/action hash).
- Produces verifiable receipt hashes for every execution attempt.
- Supports standalone operation (demo) and ClawShield governance mode (offline signature verification).
- Includes health, readiness, version, execution, and receipt verification HTTP endpoints.
- Provides sample configuration files, scripts, and demonstration tests.
v0.1.1
- Migrated SKILL.md to the new skill manifest format with structured metadata (name, slug, entrypoint, env vars, modes).
- Expanded documentation with install, quickstart, endpoint, and mode instructions.
- Clarified operation in both demo and ClawShield (governed) modes, including required environment variables.
- Explained receipt generation and verification.
- Separated feature lists for clear description of what the skill does and does not do.
- Provided concise architecture context for the overall governed execution system.
v0.1.0
Initial release of OpenExec: a governed deterministic execution engine for AI agents.
- Enforces strict governance: actions require explicit approval via ClawShield before execution.
- Deterministic, auditable execution; generates immutable execution receipts recorded through ClawLedger.
- Separates reasoning, authorization, and execution into distinct, replaceable layers.
- Accepts structured execution requests and returns status, execution ID, and receipt hash.
- Does not define policy, grant permission, or self-authorize actions.
Frequently Asked Questions
What is OpenExec — Deterministic Execution Boundary for Agent Systems?
Source-distributed deterministic execution service with pinned dependencies. Runs only with a signed approval artifact (ClawShield mode) and emits verifiable... It is an AI Agent Skill for Claude Code / OpenClaw, with 888 downloads so far.
How do I install OpenExec — Deterministic Execution Boundary for Agent Systems?
Run "/install openexec-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenExec — Deterministic Execution Boundary for Agent Systems free?
Yes, OpenExec — Deterministic Execution Boundary for Agent Systems is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenExec — Deterministic Execution Boundary for Agent Systems support?
OpenExec — Deterministic Execution Boundary for Agent Systems is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created OpenExec — Deterministic Execution Boundary for Agent Systems?
It is built and maintained by trendinghot (@trendinghot); the current version is v0.1.10.