← 返回 Skills 市场
jinhuadeng

Command Guardian

作者 Koi · GitHub ↗ · v1.3.2 · MIT-0
cross-platform ✓ 安全检测通过
150
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install command-guardian
功能描述
Preflight safety guard for shell and infrastructure commands. Use before running commands that delete, overwrite, move, deploy, rewrite git history, change p...
使用说明 (SKILL.md)

Command Guardian

Use this skill before executing commands with non-trivial side effects.

It classifies risk, checks targets against workspace boundaries, looks for obvious secret leakage, inspects compound and nested shell commands, adds lightweight git context when available, and produces rollback guidance before the command is run.

Workflow

  1. Normalize the command, working directory, and allowed roots.
  2. Run the preflight script with one of these input modes:
python {baseDir}/scripts/preflight.py --command "\x3Craw command>" --cwd "\x3Cworking dir>" --allowed-root "\x3Cworkspace root>" --format json

python {baseDir}/scripts/preflight.py --command-file command.txt --cwd "\x3Cworking dir>" --allowed-root "\x3Cworkspace root>" --format json

echo '\x3Craw command>' | python {baseDir}/scripts/preflight.py --cwd "\x3Cworking dir>" --allowed-root "\x3Cworkspace root>" --format json
  1. Read the report and respond by risk level:
  • low: proceed if the command still matches user intent
  • medium: explain the risk briefly and tighten the command if a safer rewrite is obvious
  • high: do not execute blindly; show why, provide a safer version, and require explicit confirmation
  • critical: stop automatic execution; narrow scope, strip secrets, or stage the operation before retrying
  1. Always surface:
  • Risk:
  • Why:
  • Safer rewrite:
  • Rollback:
  • Need approval: yes/no

If safer_commands are available, show them before execution. If the user only asks for analysis, stop at the review. If the user asks to proceed, use the report to tighten the command before execution.

Default Policy

  • Treat inline secrets as at least high risk. If the command embeds active credentials, treat it as critical.
  • Treat destructive operations on broad targets such as ., .., /, drive roots, wildcard-only paths, or repo roots as critical.
  • Treat git push --force, git reset --hard, docker system prune, kubectl delete, and terraform apply/destroy as requiring rollback guidance before execution.
  • Treat curl | sh and similar download-and-execute patterns as critical unless the script is pinned, inspected, and verified.
  • Treat compound commands by the highest-risk segment, not by the first visible token.
  • If the current git branch is main or master, raise the review bar for destructive git commands.

Scripts

Use these scripts directly:

  • scripts/preflight.py Main entrypoint. Supports --command, --command-file, or stdin. Runs command classification, path checks, secret detection, context checks, rollback hint generation, and safer-action suggestions.

  • scripts/classify_command.py Labels command risk and categories such as write, destructive, privileged, and production-impacting.

  • scripts/path_guard.py Resolves candidate paths relative to --cwd, checks whether they escape allowed roots, and flags broad deletion targets.

  • scripts/secret_guard.py Detects obvious inline secrets such as bearer tokens, JWTs, AWS keys, GitHub PATs, and suspicious key/value pairs.

  • scripts/rollback_hints.py Produces rollback and pre-change backup guidance for git, kubectl, terraform, docker, npm, and destructive file operations.

References

Read these only when needed:

  • references/risk-rules.md Risk rubric, approval thresholds, and examples of broad targets and secret exposure.

  • references/tool-patterns.md Tool-specific review notes for git, docker, kubectl, terraform, curl/wget, npm/pip/cargo, and file operations.

Response Template

Use this shape in your answer:

Risk: high
Why:
- rewrites shared git history
- no rollback checkpoint was created

Safer commands:
- git branch backup/pre-force-push-main HEAD
- git push --force-with-lease origin main

Safer rewrite:
- create a backup branch first
- use force-with-lease instead of plain force

Rollback:
- git reflog
- restore backup branch if remote history breaks collaborators

Need approval: yes
安全使用建议
This skill appears coherent and implements what it promises, but review the bundled scripts before enabling them in an automated agent. Notes to consider before installing: (1) It executes locally via Python and may call subprocesses (e.g., git) and read filesystem paths — ensure the agent supplies a restrictive --allowed-root and appropriate --cwd so the checker only examines intended workspaces. (2) No external downloads or credentials are required, but you should still inspect scripts (guardlib.py, secret_guard.py, preflight.py) if you need higher assurance. (3) If you do not want automated agents to run preflight checks autonomously, restrict model/skill invocation in your policy; otherwise the skill can be invoked by the agent when it decides to run a risky command. (4) Run the included tests locally to validate behavior in your environment before granting broad trust.
功能分析
Type: OpenClaw Skill Name: command-guardian Version: 1.3.2 The 'command-guardian' skill is a defensive utility designed to analyze shell and infrastructure commands for risks such as destructive operations, secret leakage, and path escapes before execution. The core logic in `scripts/guardlib.py` and `scripts/preflight.py` performs static analysis to identify high-risk patterns (e.g., `curl | bash`, `git reset --hard`, or broad `rm` targets) and provides safer alternatives and rollback guidance. The skill includes robust secret detection for AWS keys, JWTs, and tokens, and it uses standard libraries to safely gather local git context without executing the untrusted input commands.
能力评估
Purpose & Capability
Name/description match the packaged scripts and runtime instructions. The skill requires a Python interpreter and the SKILL.md tells the agent to run the included preflight.py and helper scripts; those scripts implement command classification, path checks, secret detection, and rollback hints as described.
Instruction Scope
The SKILL.md directs the agent to run local Python scripts that examine commands and filesystem paths and (per guardlib imports) may invoke subprocesses such as git. That behavior is expected for a preflight tool, but it does mean the skill will read workspace files, resolve paths (including environment-variable expansion), and query VCS state when given a cwd or allowed-root. Make sure callers provide an appropriate --cwd and --allowed-root to constrain its analysis; otherwise the analysis could examine broad parts of the filesystem.
Install Mechanism
There is no install spec or network download; the skill is instruction-only with bundled Python scripts. Nothing is fetched from external URLs or installed into system paths, which reduces supply-chain risk.
Credentials
The skill does not request environment variables or credentials. Its code uses os.path and expands environment variables when resolving paths (expected for path resolution) but does not require or exfiltrate secrets by design. The secret detection module flags inline secrets in commands rather than asking for external tokens.
Persistence & Privilege
always is false and the skill does not request persistent system-level privileges or modify other skills' configs. It runs as an on-demand local checker (agent-invoked), which is appropriate for its purpose.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install command-guardian
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /command-guardian 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.2
Improve Windows PowerShell file-operation risk detection for Remove-Item, Copy-Item, Move-Item, Set-Content, Out-File, and Clear-Content; add coverage for -Recurse, -Force, -Path, and -LiteralPath handling.
v1.3.1
Polish nested command reporting, improve compound rollback guidance, and add safer git clean suggestions
v1.3.0
Add compound command parsing, git context checks, safer command suggestions, and stdin/command-file support
元数据
Slug command-guardian
版本 1.3.2
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Command Guardian 是什么?

Preflight safety guard for shell and infrastructure commands. Use before running commands that delete, overwrite, move, deploy, rewrite git history, change p... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 150 次。

如何安装 Command Guardian?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install command-guardian」即可一键安装,无需额外配置。

Command Guardian 是免费的吗?

是的,Command Guardian 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Command Guardian 支持哪些平台?

Command Guardian 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Command Guardian?

由 Koi(@jinhuadeng)开发并维护,当前版本 v1.3.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论