← 返回 Skills 市场

RedHat Command Execution

Name: RedHat Command Execution
Author: mzfshark

作者 Mauricio Z. · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install axodus-command-execution

功能描述

Execute terminal commands safely with preflight checks and risk gating.

使用说明 (SKILL.md)

SKILL: command-execution

Purpose

Execute terminal commands safely with deterministic preflight checks, risk classification, and auditable outputs.

When to Use

Running tests, builds, linters, or migrations.
Inspecting the repo (search, list files, check versions).
Any command execution that could affect the environment.

Inputs

command (required, string): exact command to run.
purpose (required, string): why this command is needed.
expected_effects (optional, string[]): what should happen (files created, tests run).
risk_level (optional, enum: low|medium|high): if known.

Steps

Classify command risk:
- read-only (safe)
- write (moderate)
- destructive/network/system (high)
Block/require confirmation for high-risk patterns:
- recursive deletes (rm -rf, Remove-Item -Recurse -Force)
- format/disk ops
- piping remote scripts (curl ... | sh)
If supported, prefer dry-run flags first (e.g., --dry-run, -n, --check).
Execute the command and capture:
- exit code
- stdout/stderr
- elapsed time (if available)
Interpret results against expected_effects.
If command failed:
- stop
- summarize error
- propose next diagnostic steps

Validation

Exit code is checked (not ignored).
Output is summarized with the relevant error lines.
Side effects match expectation (no surprise modifications).

Output

command: "\x3Ccommand>"
purpose: "\x3Cpurpose>"
result: "success|blocked|failed"
exit_code: \x3Cint|null>
highlights: ["\x3Ckey output lines>"]
next_steps: ["..."]

Safety Rules

Never run destructive commands without explicit user confirmation.
Never run unknown installers or remote scripts without review.
Prefer minimal, scoped commands (avoid global state changes).

Example

Run tests:

command: pnpm test
purpose: â€œValidate behavior after refactorâ€
Output: exit code + failing test names + next diagnostic step.

安全使用建议

This skill's behavior (safe command execution with preflight checks) is coherent and instruction-only (no downloads or env access). However, the package contains inconsistent metadata and branding that suggest it may not come from the claimed 'RedHat' source. Before installing: - Confirm the publisher: verify the owner ID and homepage outside the registry (contact source or use an official Red Hat channel if you expect an official Red Hat skill). - Inspect the SKILL.md yourself and ensure the agent will prompt for explicit confirmation before running any high-risk command; do not rely on the skill's text alone. - Test the skill in an isolated environment (throwaway VM or container) before running on sensitive systems. - Refuse or remove skills that impersonate known vendors or have inconsistent/garbled metadata (e.g., differing slugs, placeholder fields like 'System.Object[]'). If you need this functionality but cannot verify the publisher, consider implementing similar guarded command-execution logic locally or using a vetted plugin from a trusted source.

功能分析

Type: OpenClaw Skill Name: axodus-command-execution Version: 1.0.0 The skill bundle defines a framework for an AI agent to execute terminal commands with explicit safety guardrails. The instructions in SKILL.md and command-execution.md prioritize risk classification, blocking destructive patterns (e.g., 'rm -rf', 'curl | sh'), and requiring user confirmation for high-risk actions. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found.

能力评估

ℹ Purpose & Capability

The declared purpose — running terminal commands with preflight checks and gating — aligns with the SKILL.md instructions. The skill requests no binaries, env vars, or installs, which is proportionate for an instruction-only command-execution helper. However, there are metadata inconsistencies: registry owner (kn741...) differs from _meta.json ownerId (redhat-agent-001), the public slug (axodus-command-execution) differs from _meta.json slug (command-execution), and the human-facing name includes 'RedHat' while source/homepage are unknown. These mismatches suggest potential impersonation or sloppy packaging that should be validated with the publisher.

✓ Instruction Scope

The SKILL.md is narrowly scoped: it classifies risk, blocks high-risk patterns, prefers dry-runs, captures exit code/stdout/stderr, and requires explicit confirmation for destructive commands. It does not instruct the agent to read unrelated system files, environment variables, or to exfiltrate data to external endpoints. One minor gap: the file relies on the agent or user to provide explicit confirmation flows (it says 'Never run destructive commands without explicit user confirmation') but does not define how confirmations are obtained/audited; implementers should ensure the agent prompts the user and logs consent.

✓ Install Mechanism

No install spec or code is included (instruction-only), so nothing is downloaded or written to disk by the skill itself — this is the lowest-install risk profile.

✓ Credentials

The skill declares no required environment variables, credentials, or config paths, which is appropriate for a pure instruction-only command-execution helper. The SKILL.md likewise does not reference hidden environment variables or external tokens.

✓ Persistence & Privilege

always is false and the skill is user-invocable; autonomous invocation is allowed (platform default) but not combined with elevated privileges or persistent system modifications in this package. There is no evidence the skill modifies other skills or system-wide settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install axodus-command-execution
安装完成后，直接呼叫该 Skill 的名称或使用 /axodus-command-execution 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of command-execution skill for safe, auditable command runs. - Supports executing terminal commands with preflight risk checks and gating. - Requires specifying both the command and its purpose. - Classifies and blocks high-risk operations (e.g., recursive deletes, remote scripts) unless explicitly confirmed. - Preferentially uses dry-run flags to reduce risk. - Captures and summarizes results, checks expected effects, and proposes diagnostics on failure. - Enforces safety rules—no destructive or remote-script commands without explicit user review.

元数据

Slug axodus-command-execution

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题