← 返回 Skills 市场
Code Executor
作者
jpengcheng523-netizen
· GitHub ↗
· v1.0.0
· MIT-0
191
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install jpeng-code-executor
功能描述
Safe code execution in sandboxed environments. Supports Python, JavaScript, Bash, and more with resource limits and timeout controls.
使用说明 (SKILL.md)
Code Executor
Execute code safely in sandboxed environments with resource limits.
When to Use
- User wants to run code snippets
- Test code before deployment
- Execute scripts with security constraints
- Run untrusted code safely
Features
- Multi-language support: Python, JavaScript, Bash, Ruby, Go
- Resource limits: CPU, memory, execution time
- Network isolation: Optional network access
- File system isolation: Temporary sandbox directory
Usage
Execute Python
python3 scripts/execute.py \
--language python \
--code "print('Hello, World!')" \
--timeout 10
Execute from file
python3 scripts/execute.py \
--language python \
--file ./script.py \
--timeout 30 \
--memory 256
Execute JavaScript
python3 scripts/execute.py \
--language javascript \
--code "console.log(2 + 2)"
With input
python3 scripts/execute.py \
--language python \
--code "x = input(); print(f'You said: {x}')" \
--input "Hello"
Output
{
"success": true,
"stdout": "Hello, World!\
",
"stderr": "",
"exit_code": 0,
"execution_time_ms": 42
}
Safety
- Default timeout: 30 seconds
- Default memory limit: 512MB
- No network access by default
- Output limited to 1MB
安全使用建议
Do not install or run this skill as-is. The SKILL.md references a local executable (scripts/execute.py) and multiple runtimes but the package contains no code or install instructions — that means the skill cannot actually provide the sandbox and could cause unexpected behavior if a similarly named script exists in your environment. Ask the author for: (1) the executor source code or a trusted install URL (e.g., GitHub release), (2) a clear description of the sandboxing mechanism (Docker, firejail, gVisor, OS-level seccomp/cgroups) and how network/file access is restricted, and (3) a declared list of required binaries (python3, node, docker, etc.). If you must test, run it in a fully isolated environment (disposable VM or container) and verify the executor code before giving it access to sensitive files or credentials. If the author provides a trusted repository or a proper install spec and the executor code shows robust sandboxing, the assessment could move to benign.
功能分析
Type: OpenClaw Skill
Name: jpeng-code-executor
Version: 1.0.0
The skill bundle describes a tool for arbitrary code execution across multiple languages (Python, JS, Bash) via a script named 'scripts/execute.py'. While SKILL.md claims the environment is sandboxed with resource limits and network isolation, the actual implementation code is missing from the bundle, making these security claims unverifiable. Because the tool provides a high-risk capability that could be used for host compromise if the sandbox is absent or improperly implemented, it is classified as suspicious.
能力评估
Purpose & Capability
The skill claims sandboxed multi-language code execution with resource/network/file isolation, but there are no code files, no install spec, and no declared runtime binaries. The usage examples call python3 scripts/execute.py, yet the repository contains no scripts and required binaries list is empty — these requirements do not align with the stated purpose.
Instruction Scope
SKILL.md instructs running a local script (python3 scripts/execute.py) with options to execute arbitrary user code and read files (e.g., --file ./script.py). It therefore expects filesystem access and a local executor binary, but provides no guidance about how the executor is supplied or how sandboxing/isolation is enforced. That leaves broad discretion and potential for executing arbitrary code without demonstrated containment.
Install Mechanism
There is no install specification and no code files. Instruction-only skills are low-risk when they rely on already-present, declared tooling; here the documentation depends on a script that does not exist and no mechanism to obtain it is provided. This is an incoherence (missing artifact), not a safe-by-design implementation.
Credentials
The skill declares no environment variables or credentials, which is proportionate. However, it uses python3 and implies other runtimes (node, ruby, go) in examples without declaring required binaries or toolchain. Lack of declared binaries is a mismatch and should be addressed.
Persistence & Privilege
Defaults are used (always: false, model invocation allowed). There's no request for permanent presence or modification of other skills. Autonomous invocation is allowed but not combined with other privileged requests in this metadata.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install jpeng-code-executor - 安装完成后,直接呼叫该 Skill 的名称或使用
/jpeng-code-executor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of jpeng-code-executor
- Safely execute code in sandboxed environments with support for Python, JavaScript, Bash, Ruby, and Go
- Enforces resource limits (CPU, memory, execution time) and restricts network/file system access
- Provides command-line interface to run code snippets or scripts from files
- Default safety restrictions: 30s timeout, 512MB memory, no network, 1MB output limit
元数据
常见问题
Code Executor 是什么?
Safe code execution in sandboxed environments. Supports Python, JavaScript, Bash, and more with resource limits and timeout controls. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 191 次。
如何安装 Code Executor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install jpeng-code-executor」即可一键安装,无需额外配置。
Code Executor 是免费的吗?
是的,Code Executor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Code Executor 支持哪些平台?
Code Executor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Code Executor?
由 jpengcheng523-netizen(@jpengcheng523-netizen)开发并维护,当前版本 v1.0.0。
推荐 Skills