← 返回 Skills 市场
Native Run
作者
sadikjarvis
· GitHub ↗
· v0.0.1
752
总下载
0
收藏
5
当前安装
1
版本数
在 OpenClaw 中安装
/install native-run
功能描述
Execute native commands on the local Windows machine and return their output to OpenClaw for automation and testing purposes.
安全使用建议
This skill will run arbitrary shell commands on the gateway machine — a high-risk capability that appears intentional. Before installing: (1) Do not deploy on any machine you don't fully control or trust. (2) Fix the mismatches: update skill.json to point to the actual entry file, and align SKILL.md examples with the JS pattern (or vice versa). (3) Remove the hardcoded token: require a configurable secret via secure environment variable or platform-managed credential, and rotate it. (4) Implement command whitelisting/sanitization and restrict the server to localhost or a secured socket. (5) Consider running the service in an isolated container or VM with limited privileges. If you cannot inspect and remediate the code yourself, treat this package as unsafe to install on production or sensitive systems.
功能分析
Type: OpenClaw Skill
Name: native-run
Version: 0.0.1
This skill is highly suspicious due to a critical shell injection vulnerability. The `native_run.py` script executes user-provided commands directly via `subprocess.check_output` with `shell=True`, allowing arbitrary command execution on the host machine. The `native_run_skill.js` passes unsanitized user input from the chat message directly to this vulnerable endpoint. While the skill explicitly states its purpose is to run native commands, the implementation introduces a severe Remote Code Execution (RCE) risk without clear malicious intent like data exfiltration or persistence, thus classifying it as suspicious rather than malicious.
能力评估
Purpose & Capability
The name and SKILL.md say the skill executes native commands locally; the included Python HTTP server and JS entry point do exactly that (they accept an incoming command and run it). That behavior is coherent with the claimed purpose. However, the skill metadata and docs do not line up with the code: SKILL.md example uses 'Run native: whoami' but the JS looks for 'Run command:', and skill.json references a non-existent 'skill.js' entry point. These mismatches reduce confidence that the package is well-constructed.
Instruction Scope
SKILL.md describes a simple pattern-based local command runner but omits operational details (how/when to start the Python server). The runtime files actually start an HTTP server that accepts arbitrary commands and runs them with shell=True — very broad capability. The documentation and code disagree on the trigger phrase and on platform details (doc says Windows; code is cross-platform). The instructions do not limit or sanitize allowed commands, nor do they explain the hardcoded token or how to secure the service.
Install Mechanism
There is no install spec (instruction-only), which is low-risk in isolation. However, the repository includes executable code (a long-running Python HTTP server and a JS entrypoint) that will be placed on the gateway if installed; those files will run arbitrary shell commands if launched. The lack of an install spec means there's no controlled install step to set up secure defaults (e.g., change token, restrict bind address).
Credentials
The skill declares no required environment variables or credentials, which superficially seems minimal. But it embeds a long, hardcoded token in both the Python and JS files. Hardcoded secrets in code are sensitive: anyone with file access can use or leak the token, and if the service is accidentally exposed beyond localhost, that token grants remote command execution. No justification is provided for this hardcoded secret.
Persistence & Privilege
always is false (good). The skill includes a server that, if executed, will run persistently (HTTP server on localhost:8080) and accept command execution requests. Autonomous invocation by the agent is allowed (disable-model-invocation is false), which is expected for skills but increases blast radius: an agent could trigger the skill to call the local runner. The package does not request elevated system config, but the long-running server behavior should be treated like persistence and secured appropriately.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install native-run - 安装完成后,直接呼叫该 Skill 的名称或使用
/native-run触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.1
Initial release.
- Execute native commands on the local machine running the OpenClaw gateway.
- Returns command output to OpenClaw.
- Operates on Windows platform only.
- Designed for automation, testing, and local tooling.
- Includes security notice: use only in trusted environments.
元数据
常见问题
Native Run 是什么?
Execute native commands on the local Windows machine and return their output to OpenClaw for automation and testing purposes. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 752 次。
如何安装 Native Run?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install native-run」即可一键安装,无需额外配置。
Native Run 是免费的吗?
是的,Native Run 完全免费(开源免费),可自由下载、安装和使用。
Native Run 支持哪些平台?
Native Run 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Native Run?
由 sadikjarvis(@sadikjarvis)开发并维护,当前版本 v0.0.1。
推荐 Skills