jurgenw81 / linux-command-guard

Author: Jurgenw81 · GitHub · v1.0.1 · MIT-0
cross-platform · security check passed

Total downloads: 110 · Favorites: 0 · Current installs: 0 · Versions: 2

Install in OpenClaw: /install llm-shell-guard

Description

Blocks destructive Linux commands by enforcing allowlist execution, denylist checks, regex detection, protected paths, and approval for risky actions.

Usage (SKILL.md)

name: linux-command-guard-elite
version: 1.0.0
description: Defense-in-depth Linux command safety skill for AI agents using allowlist-first policy, approval gates, denylist, regex detection, and protected-path checks.
category: security
tags:

  • security
  • linux
  • shell
  • command-execution
  • llm
  • agent-safety
  • openclaw
  • clawhub

Linux Command Guard Elite

Use this skill before any agent executes shell commands on Linux.

Mandatory policy

  1. Always prefer an allowlist over a denylist. If a command is not explicitly allowed, do not execute it.

  2. Denylists are only a backup layer. They help catch known-bad patterns, but they are not sufficient by themselves.

  3. Never trust wrappers or interpreters as inherently safe. Block or require separate sandbox policy for:

    • bash
    • sh
    • zsh
    • dash
    • python / python3
    • perl
    • ruby
    • node
    • php
  4. Require manual approval for high-risk commands and binaries, including:

    • sudo
    • su
    • mount / umount
    • systemctl / service
    • iptables / nft / ufw
    • docker / podman / kubectl / nsenter
    • chmod / chown / chattr
    • usermod / userdel / groupdel / passwd
    • package managers
  5. Never allow writes, deletes, moves, or redirects into protected system paths.

  6. Do not use this skill as the only control. Also run the agent in:

    • a sandbox or microVM
    • non-root mode
    • resource-limited environment
    • network-restricted environment when possible

Recommended execution flow

  1. Parse the command safely.
  2. Reject command substitution, shell chaining, and redirect abuse.
  3. Reject wrappers and interpreters unless a stricter child policy is applied.
  4. Check allowlist.
  5. Check high-risk approval rules.
  6. Check denylist and regex rules.
  7. Check protected-path access.
  8. Execute only if the command is explicitly safe.
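The eight-step flow above, written out as a working checker. This is an added example, not the skill's own linux_command_guard/checker.py; the rule sets (ALLOWLIST, INTERPRETERS, APPROVAL_REQUIRED, DENYLIST, DENY_PATTERNS, PROTECTED_PREFIXES) are constructed here for illustration, where the real skill loads them from its rule files. It returns the ALLOW / REVIEW / BLOCK verdicts the skill's output format uses, and shows two details a practitioner will want: operators are rejected on the raw string before anything else is trusted, and paths are normalised against the working directory so `../../etc` is caught as `/etc`.

```python
"""Allowlist-first Linux command checker (added example, not the skill's code).

Rule sets below are constructed for illustration; the real skill ships
them as separate rule files.
"""
import os
import re
import shlex
from dataclasses import dataclass

# Read-only tools that may run without approval (kept deliberately small).
ALLOWLIST = {"ls", "cat", "head", "tail", "grep", "wc", "pwd", "stat", "find", "du", "df"}
# Wrappers/interpreters: never run under this policy, they need their own stricter one.
INTERPRETERS = {"bash", "sh", "zsh", "dash", "python", "python3", "perl", "ruby", "node", "php"}
# High-risk binaries: runnable only after a human approves.
APPROVAL_REQUIRED = {
    "sudo", "su", "mount", "umount", "systemctl", "service", "iptables", "nft", "ufw",
    "docker", "podman", "kubectl", "nsenter", "chmod", "chown", "chattr",
    "usermod", "userdel", "groupdel", "passwd", "apt", "apt-get", "dnf", "yum", "pacman",
}
# Backup layer: known-bad binaries and patterns (not sufficient on their own).
DENYLIST = {"rm", "dd", "mkfs", "shred", "wipefs"}
DENY_PATTERNS = [re.compile(p) for p in (
    r"\bdd\b.*\bof=/dev/",     # raw writes to block devices
    r"--no-preserve-root",
    r"\bmkfs(\.\w+)?\b",       # catches mkfs.ext4 etc., which basename matching misses
    r":\(\)\s*\{",             # fork-bomb prefix (normally stopped earlier by step 2)
)]
PROTECTED_PREFIXES = ("/etc", "/root", "/boot", "/bin", "/sbin", "/lib", "/usr",
                      "/dev", "/proc", "/sys", "/var/lib")
# Any of these lets one "allowed" command smuggle in a second one or a redirect.
SHELL_SYNTAX = re.compile(r"[;|&<>`\n]|\$[\(\{]")


@dataclass(frozen=True)
class Decision:
    verdict: str   # "ALLOW", "REVIEW" or "BLOCK"
    reason: str


def _under_protected(tok: str, cwd: str) -> bool:
    # normpath resolves "../" so relative paths cannot escape the check
    path = os.path.normpath(os.path.join(cwd, tok))
    return any(path == p or path.startswith(p + "/") for p in PROTECTED_PREFIXES)


def check_command(cmd: str, cwd: str = "/home/agent") -> Decision:
    # 1. Parse safely: no shell involved, unbalanced quoting is rejected outright.
    try:
        argv = shlex.split(cmd)
    except ValueError as exc:
        return Decision("BLOCK", f"unparseable command: {exc}")
    if not argv:
        return Decision("BLOCK", "empty command")
    # 2. Reject substitution, chaining, pipes and redirects on the raw string,
    #    so quoting cannot hide them from the tokenizer.
    if SHELL_SYNTAX.search(cmd):
        return Decision("BLOCK", "shell operator, substitution or redirect present")
    binary = argv[0]
    if "/" in binary:   # "./ls" would otherwise pass as the allowlisted "ls"
        return Decision("BLOCK", "binary must be a bare allowlisted name, not a path")
    # 3. Interpreters and wrappers are not executed under this policy.
    if binary in INTERPRETERS:
        return Decision("BLOCK", f"interpreter/wrapper '{binary}' needs its own stricter policy")
    # 4. Allowlist first: anything unknown is denied, not merely flagged.
    if binary not in ALLOWLIST and binary not in APPROVAL_REQUIRED:
        return Decision("BLOCK", f"'{binary}' is not on the allowlist")
    # 5. High-risk binaries run only after manual approval.
    needs_review = binary in APPROVAL_REQUIRED
    # 6. Denylist over every token (catches e.g. `find ... -exec rm`), then regex rules.
    for tok in argv:
        if os.path.basename(tok) in DENYLIST:
            return Decision("BLOCK", f"denylisted binary '{tok}' in command")
    for pat in DENY_PATTERNS:
        if pat.search(cmd):
            return Decision("BLOCK", f"matches denied pattern {pat.pattern!r}")
    # 7. Write-capable (non-allowlisted) commands may not touch protected paths.
    #    Allowlisted commands are read-only by policy, so reads of /etc are fine.
    if binary not in ALLOWLIST:
        for tok in argv[1:]:
            if not tok.startswith("-") and _under_protected(tok, cwd):
                return Decision("BLOCK", f"'{tok}' is under a protected system path")
    # 8. Execute only what is explicitly safe; otherwise hand off for approval.
    if needs_review:
        return Decision("REVIEW", f"'{binary}' requires manual approval")
    return Decision("ALLOW", "allowlisted read-only command")


if __name__ == "__main__":
    for c in ("ls -la /home/agent", "ls; rm -rf /", "bash -c ls",
              "sudo systemctl restart nginx", "chmod 644 /etc/passwd",
              "chmod 700 ../../etc", "find /home -exec rm {} +"):
        d = check_command(c)
        print(f"{d.verdict:6} {c!r}: {d.reason}")
```

Because the checker does not involve a shell, the agent integration must execute the returned argv with `subprocess.run(argv, shell=False)` (or equivalent); passing the string to `shell=True` would reintroduce exactly the operators step 2 rejects.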

Strong recommendation

Keep the allowlist small and read-only by default.

Safe usage recommendations

This skill appears coherent and implements an allowlist-first command checker as described. Before installing or enabling it:

  1. Verify your agent integration actually calls this check before executing shell commands (a policy file alone does nothing unless invoked).
  2. Do not rely on this as the sole defense — run agents non-root in sandboxes/microVMs with resource and network limits.
  3. Review and lock the allowlist and approval_required lists to match your security posture (the default allowlist is intentionally small).
  4. Test the packaged rules in a controlled environment to ensure regex and tokenization behave as you expect (there is a stray backtick line in regex_rules.txt that is benign but worth validating against your Python RE engine).
  5. If you need stronger guarantees, couple this with OS-level controls (seccomp/AppArmor/SELinux) and a manual approval workflow for the binaries marked as high-risk.
Feature analysis

Type: OpenClaw Skill
Name: llm-shell-guard
Version: 1.0.1

The skill is a defensive security tool designed to validate Linux commands before execution by an AI agent. It implements an allowlist-first policy, blocks shell wrappers and interpreters (e.g., bash, python), detects dangerous shell operators (pipes, redirects, command substitution), and prevents writes to protected system paths like /etc and /root. The logic in linux_command_guard/checker.py and the comprehensive rule sets in the rules/ directory are consistent with its stated purpose of providing defense-in-depth for agent-led shell execution.

Capability assessment
Purpose & Capability
Name/description (allowlist-first Linux command guard) aligns with the included Python package, rule files, and tests. All required files and logic relate to parsing commands, applying allowlist/denylist/regex/protected-path checks, and reporting decisions; there are no unrelated credentials, binaries, or endpoints requested.
Instruction Scope
SKILL.md directs the agent to run this policy before executing shell commands and describes the intended flow. The runtime code only reads local rule files bundled with the package and does not access external endpoints, unrelated system files, or environment variables beyond normal execution. The instructions are not open-ended and do not tell the agent to exfiltrate data or inspect unrelated config.
Install Mechanism
No install spec is provided; the skill is instruction-only at the registry level but includes a local Python package (no remote downloads, no installers). The project is self-contained and uses only local rule files and tests—no high-risk download or extract steps are present.
Credentials
The skill requests no environment variables, credentials, or external config paths. All rule data is stored in packaged text files, which is proportionate to the stated purpose.
Persistence & Privilege
Skill flags are default (always: false, user-invocable: true). The skill does not attempt to persist beyond its package files or modify other skills. Note: model invocation is allowed by default (disable-model-invocation is false) — this is platform default and not itself a red flag.
How to use

  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Type the install command in the chat box: /install llm-shell-guard
  3. After installation, call the Skill by name directly or trigger it with /llm-shell-guard.
  4. Provide the required input according to the Skill's parameter description to get structured output.

Version history
v1.0.1
Initial release as "linux-command-guard-elite" with expanded defense-in-depth features:

  • Renamed and rebranded the skill from "linux-command-guard" to "linux-command-guard-elite".
  • Introduced stricter allowlist-first enforcement, with detailed approval policies for high-risk commands and interpreters.
  • Added granular rule files: allowlist, denylist, approval-required, protected paths, and regex-based detection.
  • Implemented robust policy checks for protected system paths and command patterns.
  • Updated documentation for advanced security requirements, mandatory policy flow, and strong usage recommendations.
  • Added test suite and necessary project metadata for enhanced maintainability.
v1.0.0
Initial release of linux-command-guard:

  • Enforces a defensive shell execution policy with layered allowlist, protected path, and denylist checks.
  • Requires human approval for high-risk, potentially destructive Linux commands.
  • Includes guidance on safer alternatives, explicit hard refusals, and isolating execution in sandboxes or microVMs.
  • Provides policy data and scripts for allowlist, denylist, protected paths, and high-risk command detection.
  • Defines a standard output format for command evaluation: ALLOW, REVIEW, or BLOCK, with reasoning and safer alternatives.
  • Promotes security best practices: non-root execution, isolation, and never disabling protections to "get the task done."

Metadata

Slug: llm-shell-guard
Version: 1.0.1
License: MIT-0
Total installs: 0
Current installs: 0
Version count: 2
FAQ

What is linux-command-guard?

Blocks destructive Linux commands by enforcing allowlist execution, denylist checks, regex detection, protected paths, and approval for risky actions. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 110 downloads to date.

How do I install linux-command-guard?

Run the command "/install llm-shell-guard" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is linux-command-guard free?

Yes, linux-command-guard is completely free, licensed under MIT-0, and can be freely downloaded, installed and used.

Which platforms does linux-command-guard support?

linux-command-guard is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed linux-command-guard?

Developed and maintained by Jurgenw81 (@jurgenw81); current version v1.0.1.
