Total downloads: 534
Favorites: 0
Current installs: 11
Versions: 1
Install in OpenClaw
/install claw-shell-1-0-0
Description
Runs shell commands exclusively inside tmux session 'claw', captures output, and requests confirmation for potentially destructive commands.
Usage instructions (SKILL.md)
claw-shell
ALWAYS USES TMUX SESSION `claw`.
PURPOSE
- RUN SHELL COMMANDS INSIDE TMUX SESSION `claw`
- NEVER TOUCH ANY OTHER SESSION
- READ OUTPUT BACK TO THE AGENT
INTERFACE
Tool: claw_shell_run
Inputs:
- `command` (string, required): shell command to run inside session `claw`.
Behavior:
- Attach to tmux session `claw` (create it if missing: `tmux new -s claw -d`).
- Send the command followed by Enter.
- Capture the latest pane output.
- Return the captured output to the agent.
SAFETY
- DO NOT RUN:
  - `sudo`
  - `rm` (without explicit user approval)
  - `reboot`, `shutdown`, or destructive system-level commands
- IF THE COMMAND CONTAINS ANY OF THE ABOVE:
  - ASK USER FOR CONFIRMATION BEFORE EXECUTING.
EXAMPLES
- SAFE:
  - `ls -la`
  - `bird read https://x.com/...`
  - `git status`
- DANGEROUS (ASK FIRST):
  - `rm -rf ...`
  - `docker system prune -a`
  - `chmod -R ...`
Security usage recommendations
This skill appears to do what it says, but do not install it without review because of implementation issues: (1) it implicitly requires the 'tmux' binary but doesn't declare it; (2) handler.js constructs shell commands with only double-quote escaping, allowing shell interpolation (backticks/$(...)/$vars) to be executed by the local shell when execSync runs — that can execute payloads on the host outside tmux and prior to any user confirmation; (3) the dangerous-command check is simplistic and may miss other harmful inputs; and (4) the ownerId in _meta.json doesn't match the registry metadata (possible repackaging). If you plan to use this skill: run it in a safe/test environment first, ask the author to (a) declare tmux as a required binary, (b) fix sendCommand to avoid shell interpretation (use execFile/spawn with args or properly escape/disable shell evaluation), and (c) strengthen dangerous-command detection or enforce an explicit prompt/approval step before any local execution. If you cannot validate those fixes, treat the skill as untrusted and avoid using it on production or sensitive machines.
Functional analysis
Type: OpenClaw Skill
Name: claw-shell-1-0-0
Version: 1.0.0
This skill is highly suspicious due to its core functionality of executing arbitrary shell commands via `execSync` in `handler.js`. It contains a critical shell injection vulnerability in the `sendCommand` function, where user-provided commands are passed directly to `tmux send-keys` without adequate shell-level sanitization, allowing for arbitrary command execution. Furthermore, the `isDangerous` function, intended as a safety mechanism, relies on an easily bypassable blacklist, which allows dangerous commands (e.g., `curl`, `wget`, `cat /etc/passwd`) to be executed without triggering the user confirmation prompt specified in `SKILL.md`, effectively bypassing the agent's safety instructions. The `readOutput` function also captures and returns the output of these commands, enabling potential data exfiltration.
Capability assessment
Purpose & Capability
The skill's code implements the advertised behavior (runs commands in a tmux session named 'claw' and captures output). However the registry metadata and _meta.json ownerId values differ (possible repackaging) and the skill implicitly requires the 'tmux' binary but does not declare it in required binaries.
Instruction Scope
SKILL.md confines activity to the 'claw' tmux session and requires user confirmation for dangerous commands; the handler returns an error to force confirmation, which is coherent. However, sendCommand builds a shell string and only escapes double quotes — it does not prevent shell interpolation (backticks, $(...), $ expansion, etc.). Because execSync runs via the system shell, portions of the supplied command can be executed locally during the send-keys call (before being run inside tmux and before any user confirmation), which contradicts the 'never touch any other session' / safe execution intent. The dangerous-command detection is simple and can be bypassed for commands that do harmful things but don't contain the tracked keywords.
Install Mechanism
No install spec (instruction-only with an included handler.js). Low install risk. Note: runtime depends on Node and tmux being present but tmux is not declared.
Credentials
The skill requests no environment variables or secrets, which is proportionate to its stated purpose.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges or modify other skills' configuration. Autonomous invocation is allowed (platform default) but not combined with other high-risk flags.
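How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the dialog box: /install claw-shell-1-0-0
- After installation, call the Skill by its name or trigger it with /claw-shell-1-0-0
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history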
v1.0.0
Initial release of claw-shell:
- Runs shell commands exclusively inside a dedicated tmux session named "claw".
- Captures and returns output from commands run in the session.
- Ensures safety by restricting dangerous commands (e.g., sudo, rm, reboot) unless explicit user confirmation is received.
- Provides a clear interface for running commands and handling approval for risky actions.
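Frequently asked questions
What is Claw Shell 1.0.0?
Runs shell commands exclusively inside tmux session 'claw', captures output, and requests confirmation for potentially destructive commands. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 534 cumulative downloads to date.
How do I install Claw Shell 1.0.0?
Run the command "/install claw-shell-1-0-0" in the OpenClaw or Claude Code dialog box for one-step installation; no additional configuration is needed.
Is Claw Shell 1.0.0 free?
Yes, Claw Shell 1.0.0 is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Claw Shell 1.0.0 support?
Claw Shell 1.0.0 is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Claw Shell 1.0.0?
It is developed and maintained by shiny (@zlshiny); the current version is v1.0.0.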