← 返回 Skills 市场

Exec Tool

Name: Exec Tool
Author: mayuran1096

作者 Mayuran Ys · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install exec-tool

功能描述

Securely executes predefined clawhub CLI commands within controlled OpenClaw workflows, preventing unsafe or arbitrary system operations.

使用说明 (SKILL.md)

Exec Tool (ClawHub Skill)

Overview

Exec Tool is a controlled system command execution skill designed for OpenClaw environments. It allows secure execution of predefined CLI commands from within ClawHub workflows.

This skill is intended for automation, debugging, and controlled system operations inside VPS environments.

Problem it solves

When working in server environments (such as Hostinger VPS deployments), users often need to trigger system-level commands from automation layers like Telegram bots or OpenClaw agents. This skill bridges that gap safely.

Core functionality

Executes only allowed system commands
Currently supports: clawhub CLI operations
Prevents arbitrary or unsafe command execution
Returns trimmed output for chat interfaces (e.g., Telegram)

Security model

This skill is intentionally restricted:

Only whitelisted commands are executed
Prevents destructive operations (rm, sudo, etc.)
Designed for controlled automation environments

Example usage

Search skills

clawhub search "Google Workspace"

Install skill

clawhub install exec_tool

Integration use case

This skill is commonly used in:

Telegram bot automation
OpenClaw workflows
VPS management via chat interfaces
CI/CD command triggers

Notes

This skill is part of a controlled execution layer and should not be used for unrestricted shell access.

安全使用建议

Do not install this on sensitive systems as-is. The skill's README promises safe execution but the code runs the provided string through the shell after only a prefix check, so an attacker or an accidental input like 'clawhub; rm -rf /' would execute additional commands. If you need this functionality, require one of the following before trusting it: (1) change implementation to use subprocess.run([...], shell=False) and parse/validate arguments, (2) restrict to an exact allowlist of full command patterns (not prefix checks), (3) perform strict argument validation/escaping, and (4) run it only in isolated, disposable environments. If the author can provide a patched version using safe subprocess invocation and a stronger whitelist (and show tests proving injection isn't possible), reassess. Otherwise treat this as unsafe for production or publicly accessible agents.

功能分析

Type: OpenClaw Skill Name: exec-tool Version: 1.0.0 The skill contains a critical shell injection vulnerability in tool.py. While it attempts to restrict execution to a whitelist using a startswith check, it passes the raw command string directly to subprocess.getoutput(), allowing for command chaining (e.g., 'clawhub; curl ...'). This directly contradicts the security claims in SKILL.md regarding the prevention of arbitrary command execution.

能力评估

⚠ Purpose & Capability

Name/description and code agree on purpose (execute clawhub CLI commands), so capability is plausible; however the security claims in SKILL.md (prevents destructive ops) are not enforced by the implementation, making the stated purpose and actual behavior inconsistent.

⚠ Instruction Scope

SKILL.md restricts execution to whitelisted commands and promises prevention of destructive operations. The runtime code accepts any string starting with 'clawhub' and calls subprocess.getoutput (shell), which allows shell operators and injection (e.g., 'clawhub; rm -rf /'), so instructions' safety constraints are effectively bypassed.

✓ Install Mechanism

No install spec (instruction-only with a small Python file). Nothing is downloaded or installed during setup, so there is low install-time risk.

✓ Credentials

The skill requests no environment variables, credentials, or config paths, which is proportionate for a CLI execution helper.

✓ Persistence & Privilege

The skill is not always-enabled and requests no elevated platform privileges. Autonomous invocation is allowed (platform default), which increases blast radius but is not itself unusual here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install exec-tool
安装完成后，直接呼叫该 Skill 的名称或使用 /exec-tool 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of Exec Tool for controlled command execution in OpenClaw environments. - Allows secure execution of approved `clawhub` CLI commands. - Enforces command whitelisting and blocks unsafe operations. - Designed for use cases like automation, debugging, and chat-based system management. - Output is trimmed for compatibility with interfaces such as Telegram.

元数据

Slug exec-tool

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Exec Tool 是什么？

Securely executes predefined clawhub CLI commands within controlled OpenClaw workflows, preventing unsafe or arbitrary system operations. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 84 次。

如何安装 Exec Tool？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install exec-tool」即可一键安装，无需额外配置。

Exec Tool 是免费的吗？

是的，Exec Tool 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Exec Tool 支持哪些平台？

Exec Tool 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Exec Tool？

由 Mayuran Ys（@mayuran1096）开发并维护，当前版本 v1.0.0。