exec-guard
Author: cypress927 · v1.0.6 · MIT-0
Total downloads: 509
Favorites: 0
Current installs: 1
Versions: 6
Install in OpenClaw
/install exec-guard
Description
Safe command execution for AI agents with timeout control, 8KB ring buffer memory protection, background process management, and multi-agent sharing via HTTP...
Usage (SKILL.md)
exec-guard - AI Agent Command Execution Module
Safe and reliable system command execution for AI agents.
Quick Start
CLI Mode
echo '{"command": "ls -la"}' | node scripts/dist/index.js
HTTP Service Mode
node scripts/dist/index.js --server --port 8080
curl -X POST http://localhost:8080/exec -H "Content-Type: application/json" -d '{"command": "ls -la"}'
Core Capabilities
| Capability | Description |
|---|---|
| Sync Execution | Execute command with timeout, wait for result |
| Background Execution | Start long tasks, get PID, query later |
| Watch Window | Confirm service startup before returning |
| 8KB Ring Buffer | Head-Tail dual buffer prevents OOM |
| Process Management | Query status, get logs, terminate processes |
| Multi-Agent Sharing | HTTP service allows multiple agents to share state |
API Reference
POST /exec
Execute a command:
{
  "command": "required - system command",
  "workingDir": "optional - working directory",
  "timeoutSeconds": "optional - default 30",
  "runInBackground": "optional - default false",
  "watchDurationSeconds": "optional - for service startup",
  "env": "optional - custom environment variables"
}
GET /process/:pid
Query process status.
GET /process/:pid/logs
Get process output logs.
DELETE /process/:pid
Terminate a process.
GET /processes
List all background processes.
Response Status
| Status | Meaning |
|---|---|
| success | Command completed, exit code 0 |
| failed | Command failed, non-zero exit |
| timeout | Command killed after timeout |
| killed | Process manually terminated |
| running | Background process active |
Best Practices
- Set reasonable timeout - Prevent stuck commands
- Use watch window for services - Confirm startup success
- Use background mode for long tasks - Training, data processing
- Clean up processes - Terminate when done
Full Documentation
See references/AGENT_GUIDE.md for detailed usage guide and examples.
License
MIT
Security recommendations
This skill appears to implement exactly what it claims — a general-purpose command executor and background process manager — which inherently grants the ability to run arbitrary system commands and read their outputs. Before installing or enabling it, consider:
1) Network exposure: run the HTTP mode only bound to localhost or behind a firewall and add authentication; the skill's docs do not describe auth.
2) Principle of least privilege: run inside an isolated container or dedicated service account to limit file and credential access.
3) Environment leakage: child processes inherit process.env — do not run it on hosts holding sensitive environment variables unless you accept the risk.
4) Audit and limits: set strict max-process, timeouts, and logging retention; review code for any hidden telemetry or externally contacting behavior (package files are present but verify dependencies in package-lock.json).
5) Source trust: there's no homepage and the owner is unknown — prefer packages from known authors or verify signatures.
If you need this capability but want lower risk, restrict HTTP mode, require authentication, or use CLI-only invocation in an isolated environment.
Additional information that would raise confidence: a known upstream repository/homepage, published release on a reputable host, and a documented authentication or binding configuration for the HTTP server.
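The limits in item 4 above, sketched as a caller-side check on the documented /exec request fields. This is an added example, not code from exec-guard; the policy values, the sandbox path and the `vetExecRequest` name are assumptions.

```javascript
// Added example, not exec-guard code: vet an /exec request body before sending it.
const path = require("node:path").posix; // POSIX paths assumed

// Hypothetical policy; every value is an assumption chosen for illustration.
const POLICY = {
  sandboxRoot: "/srv/agent-work",
  maxTimeoutSeconds: 60,
  maxBackground: 4,
  envAllow: ["PATH", "LANG", "NODE_ENV"],
};

// Returns { ok: true, body } with a normalized body, or { ok: false, reason }.
// watchDurationSeconds is left out to keep the example short.
function vetExecRequest(body, runningBackground = 0, policy = POLICY) {
  if (typeof body.command !== "string" || body.command.trim() === "") {
    return { ok: false, reason: "command is required" };
  }
  // Resolve workingDir and require it to stay inside the sandbox root.
  const workingDir = path.resolve(policy.sandboxRoot, body.workingDir || ".");
  const rel = path.relative(policy.sandboxRoot, workingDir);
  if (rel === ".." || rel.startsWith("../")) {
    return { ok: false, reason: "workingDir escapes sandbox" };
  }
  // Clamp the timeout; 30 seconds is the default documented for /exec.
  const asked = Number(body.timeoutSeconds ?? 30);
  if (!Number.isFinite(asked) || asked <= 0) {
    return { ok: false, reason: "bad timeoutSeconds" };
  }
  const timeoutSeconds = Math.min(asked, policy.maxTimeoutSeconds);
  // Cap concurrent background processes; the caller supplies the current count.
  const runInBackground = body.runInBackground === true;
  if (runInBackground && runningBackground >= policy.maxBackground) {
    return { ok: false, reason: "background process limit reached" };
  }
  // Forward only allowlisted env overrides; everything else is dropped.
  const env = Object.fromEntries(
    Object.entries(body.env || {}).filter(([k]) => policy.envAllow.includes(k))
  );
  return {
    ok: true,
    body: { command: body.command, workingDir, timeoutSeconds, runInBackground, env },
  };
}
```

The command string itself is not constrained here, so this check complements the container or dedicated service account isolation recommended above rather than replacing it.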
Functional analysis
Type: OpenClaw Skill
Name: exec-guard
Version: 1.0.6
The skill bundle provides a powerful utility for arbitrary system command execution, featuring both a CLI and an unauthenticated Express-based HTTP server. While it includes legitimate safety features like timeout controls and a 'Head-Tail Ring Buffer' (in ringbuf.js) to prevent memory exhaustion from large outputs, the core functionality (executor.js and server.js) essentially provides a Remote Code Execution (RCE) interface. The ability to run background processes, set environment variables, and manage processes remotely via the /exec endpoint is a high-risk capability that could be easily exploited if the service is exposed or misused by an agent.
Capability assessment
Purpose & Capability
Name, description, and included code implement a command execution / background process manager with an HTTP API and CLI as advertised. Required items are proportional to the described function (child_process usage, ring buffer, tree-kill for process termination). No unrelated credentials or external services are requested.
Instruction Scope
Runtime instructions permit arbitrary system commands, background tasks, and an HTTP API that exposes process lists, logs, and terminate actions. The service inherits the host process environment and returns process output via HTTP endpoints — this can leak sensitive files or environment secrets if commands or output contain them. The SKILL.md and agent guide do not specify authentication, network binding restrictions, or advice to restrict exposure of the HTTP server.
Install Mechanism
No remote download/install spec is present; the package contains Node.js source and package files bundled in the skill. There is no install step that fetches code from arbitrary URLs. Risk from install mechanism is low, though running the included Node code will execute locally.
Credentials
The skill declares no required env vars, but its implementation merges process.env into child processes by default. That is functional for running commands but gives any invoked command access to all host environment variables (potentially including secrets). The ability to accept an 'env' override also allows callers to inject new sensitive values; neither behavior is unjustified for a command executor but broad and potentially dangerous without access controls.
Persistence & Privilege
The skill is not always-on and is user-invocable, and model invocation is allowed (default). While autonomous invocation is the platform default and not a defect alone, combining autonomous invocation with the ability to start an HTTP server and run arbitrary system commands increases blast radius. There is no documented authentication for the HTTP API or instructions to bind to localhost only.
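How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install exec-guard
- Once installation completes, call the Skill by name or use /exec-guard to trigger it
- Provide the inputs required by the Skill's parameter description to get structured output
Version history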
v1.0.6
Reorganized directory structure: scripts/ for code, references/ for docs
v1.0.5
TypeScript/Node.js version with HTTP server mode, background process management, and 8KB ring buffer
v1.0.4
Added auto-download scripts for GitHub Releases binary, install-binary.sh and updated exec.sh with auto-download support
v1.0.3
Added binary executable assets/cmd_exec_linux
v1.0.2
Added README.md with ClawHub project description
v1.0.1
Renamed from cmd-exec to exec-guard with improved description
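FAQ
What is exec-guard?
Safe command execution for AI agents with timeout control, 8KB ring buffer memory protection, background process management, and multi-agent sharing via HTTP... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 509 total downloads to date.
How do I install exec-guard?
Run the command "/install exec-guard" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.
Is exec-guard free?
Yes, exec-guard is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does exec-guard support?
exec-guard is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who develops exec-guard?
It is developed and maintained by cypress927 (@cypress927); the current version is v1.0.6.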