← 返回 Skills 市场
Code Executor
作者
Miguel Guerra
· GitHub ↗
· v1.0.0
1702
总下载
0
收藏
13
当前安装
1
版本数
在 OpenClaw 中安装
/install code-executor
功能描述
Ejecuta código Python, JavaScript, Bash dinámicamente. El bot puede crear y ejecutar código al vuelo.
使用说明 (SKILL.md)
Code Executor (Ejecutor de Código) 🔥
PODER INFINITO. El bot puede escribir y ejecutar código para resolver cualquier problema.
¿Qué Hace?
Si el bot necesita hacer algo que no tiene una skill:
- Escribe el código necesario
- Lo ejecuta en un sandbox
- Retorna el resultado
Comandos
# Ejecutar código directamente
run python "print('Hello World')"
run js "console.log(2+2)"
run bash "ls -la"
# Ejecutar archivo
run ~/script.py
execute ~/automation.js
# El bot decide qué código escribir
solve "calcula el factorial de 100"
compute "genera 10 números primos"
Ejemplo Real
Usuario: calcula cuántos días faltan para mi cumpleaños (15 de marzo)
Bot: ⚡ Necesito calcular esto...
📝 Código generado:
```python
from datetime import date
today = date.today()
birthday = date(today.year, 3, 15)
if birthday \x3C today:
birthday = date(today.year + 1, 3, 15)
days = (birthday - today).days
print(f"Faltan {days} días para tu cumpleaños")
```
⚡ Ejecutando...
✅ Resultado:
Faltan 40 días para tu cumpleaños (15 de marzo, 2026)
Resolución de Problemas
Usuario: necesito renombrar 500 archivos agregando la fecha
Bot: ⚡ Generando script...
```python
import os
from datetime import datetime
folder = "/ruta/a/archivos"
date_str = datetime.now().strftime("%Y%m%d")
for filename in os.listdir(folder):
name, ext = os.path.splitext(filename)
new_name = f"{date_str}_{name}{ext}"
os.rename(
os.path.join(folder, filename),
os.path.join(folder, new_name)
)
print(f"Renamed: {filename} -> {new_name}")
```
⚠️ Este script renombrará 500 archivos.
¿Ejecutar? [Sí] [Ver preview] [Cancelar]
Lenguajes Soportados
| Lenguaje | Runtime |
|---|---|
| Python | python3 |
| JavaScript | node |
| TypeScript | ts-node |
| Bash | bash/sh |
| SQL | sqlite3 |
Modo Interactivo
Usuario: abre un REPL de Python
Bot: ⚡ Python REPL iniciado:
>>>
Usuario: import math; math.pi
Bot: >>> import math; math.pi
3.141592653589793
Usuario: exit
Bot: ⚡ REPL cerrado
Instalación de Dependencias
Usuario: necesito usar pandas para analizar este CSV
Bot: ⚡ pandas no está instalado
¿Instalar pandas? [Sí] [No]
Usuario: sí
Bot: ⚡ pip install pandas
✅ pandas instalado
Continuando con el análisis...
Seguridad
CODE_SANDBOX=true # Ejecutar en sandbox
CODE_TIMEOUT=30 # Timeout en segundos
CODE_ALLOW_NETWORK=false # Bloquear red por defecto
CODE_ALLOW_FILESYSTEM=read # Solo lectura por defecto
CODE_REQUIRE_CONFIRM=true # Confirmar antes de ejecutar
Casos de Uso
- Cálculos complejos que no tiene ninguna skill
- Transformación de datos personalizada
- Automatizaciones únicas que no ameritan una skill
- Prototipado rápido de soluciones
- Debugging y testing
安全使用建议
This skill legitimately does what it says (generate and run code), but that ability is powerful and risky unless the platform enforces a real sandbox. Before installing: (1) Confirm your platform will enforce CODE_SANDBOX, CODE_TIMEOUT, CODE_ALLOW_NETWORK, CODE_ALLOW_FILESYSTEM and not just rely on the skill's text; (2) Require the skill to always ask for explicit user confirmation before executing scripts that modify files or install packages; (3) Block network access by default and only enable it for trusted, short-lived tasks; (4) Avoid granting it autonomous invocation if you don't want it to run code without a user-in-the-loop; (5) If you must use it, run it in an isolated test environment first and audit logs for executed commands and installed packages. The skill's mention of sandbox controls without declaring them in metadata is an inconsistency worth clarifying with the publisher.
功能分析
Type: OpenClaw Skill
Name: code-executor
Version: 1.0.0
This skill bundle is designed for dynamic code execution across multiple languages (Python, JavaScript, Bash, SQL), which is inherently high-risk. Key suspicious capabilities include direct Bash command execution (`run bash "ls -la"`), the ability to install arbitrary dependencies (`pip install pandas`), and file system interaction (e.g., `os.rename` in the 'Resolución de Problemas' example). While the `SKILL.md` explicitly states security controls like `CODE_SANDBOX=true`, `CODE_ALLOW_NETWORK=false`, and `CODE_ALLOW_FILESYSTEM=read`, the effectiveness of these platform-level controls is external to this analysis. Furthermore, the `os.rename` example contradicts the stated `CODE_ALLOW_FILESYSTEM=read` default, raising concerns about potential file write access. The ability to install arbitrary packages via `pip` presents a significant supply chain risk.
能力评估
Purpose & Capability
The name/description (dynamic code execution in Python/JS/Bash) matches the SKILL.md: it describes generating code, running files, REPLs, and installing runtime deps. That capability legitimately needs access to language runtimes and possibly the filesystem for file-based scripts. However, the SKILL.md references runtime guards (CODE_SANDBOX, CODE_ALLOW_NETWORK, etc.) that are not declared in the registry metadata, which is an inconsistency.
Instruction Scope
Instructions explicitly tell the agent to generate and execute arbitrary code, run scripts from home paths (e.g., run ~/script.py), rename files under arbitrary folders, and install packages with pip. These actions involve reading/writing the local filesystem, executing arbitrary processes, and pulling code from package registries — all high-scope operations. The doc says network access is blocked by default but can be toggled, and confirmations are suggested but not enforced by any declared mechanism.
Install Mechanism
There is no install spec (instruction-only skill), which minimizes disk infection risk from an installer. However, the runtime instructions permit the agent to run package managers (pip, ts-node/npm, sqlite3) to install dependencies at runtime — this allows arbitrary third-party code from package registries to be installed and executed, which is a moderate operational risk if not sandboxed.
Credentials
The SKILL.md enumerates environment controls (CODE_SANDBOX, CODE_TIMEOUT, CODE_ALLOW_NETWORK, CODE_ALLOW_FILESYSTEM, CODE_REQUIRE_CONFIRM) but the skill metadata lists no required env vars or primary credential. That mismatch means the skill expects platform-level env controls that are not declared here; it's unclear who enforces them. The skill itself can read files and run commands without declaring any permission boundaries.
Persistence & Privilege
always:false (normal). The skill is user-invocable and allows model invocation, which is standard. Still, because it enables autonomous code execution, giving it unrestricted autonomous invocation would increase risk — consider restricting autonomous use or requiring explicit user confirmation for all code runs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install code-executor - 安装完成后,直接呼叫该 Skill 的名称或使用
/code-executor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Primera versión publicada de “code-executor”.
- Permite al bot crear, ejecutar y mostrar código Python, JavaScript, Bash, TypeScript y SQL de forma dinámica.
- Soporta comandos directos como run/execute con scripts o código en línea.
- Incluye modo interactivo tipo REPL y gestión de dependencias.
- Incorpora medidas de seguridad (sandbox, timeout, bloqueo de red, permisos de filesystem).
- Útil para cálculos complejos, automatizaciones y prototipado rápido.
元数据
常见问题
Code Executor 是什么?
Ejecuta código Python, JavaScript, Bash dinámicamente. El bot puede crear y ejecutar código al vuelo. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1702 次。
如何安装 Code Executor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install code-executor」即可一键安装,无需额外配置。
Code Executor 是免费的吗?
是的,Code Executor 完全免费(开源免费),可自由下载、安装和使用。
Code Executor 支持哪些平台?
Code Executor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Code Executor?
由 Miguel Guerra(@miguelguerra200022-sudo)开发并维护,当前版本 v1.0.0。
推荐 Skills