← 返回 Skills 市场

OpenExec — Deterministic Execution Boundary for Agent Systems

Name: OpenExec — Deterministic Execution Boundary for Agent Systems
Author: trendinghot

作者 trendinghot · GitHub ↗ · v0.1.10

cross-platform ✓ 安全检测通过

888

总下载

当前安装

版本数

在 OpenClaw 中安装

/install openexec-skill

功能描述

Source-distributed deterministic execution service with pinned dependencies. Runs only with a signed approval artifact (ClawShield mode) and emits verifiable...

安全使用建议

This skill appears to implement what it claims. Consider the following before installing: - Deploy behind a firewall or bind to localhost (the provided run script binds 0.0.0.0 which exposes the service publicly). - Protect any CLAWSHIELD_PUBLIC_KEY and CLAWSHIELD_TENANT_ID values and ensure you only set OPENEXEC_DB_URL to trusted DB endpoints (a remote DB will create outbound network I/O). - Configure OPENEXEC_ALLOWED_ACTIONS to limit registered handlers in production and audit any additional handlers you add to the code. - Run inside a container/VM and avoid running as root since registered handlers run with the process's privileges — the project explicitly states it is an application-layer boundary, not an OS sandbox. - The repo includes test utilities that mint test keys; do not use test keys in production. If you want higher assurance, review any handlers you add and perform an operational hardening checklist (network binding, TLS, logging/rotation, backups).

功能分析

Type: OpenClaw Skill Name: openexec-skill Version: 0.1.10 The OpenExec skill bundle is designed as a security boundary for AI systems, enforcing deterministic execution, replay protection, and cryptographically signed approvals. The code implements these features robustly, using strong cryptography (Ed25519) and a static action registry. Documentation (SKILL.md, README.md, SECURITY.md) is highly transparent about its security model, limitations (e.g., no OS-level sandboxing), and operator responsibilities. There is no evidence of malicious intent, data exfiltration, backdoors, or prompt injection attempts against the AI agent. The skill's core purpose is to *govern* execution, not to perform unauthorized actions, and it explicitly avoids dynamic code loading or execution of user-supplied code.

能力评估

✓ Purpose & Capability

Name/description match the code and runtime instructions: the package implements a deterministic execution service, Ed25519 approval verification, replay protection, receipts, and a static action registry. There are no unrelated credentials, binaries, or surprising capabilities in the repo.

ℹ Instruction Scope

SKILL.md and README state 'no outbound HTTP/RPC during execution' and the code respects that (no network calls except optional DB via OPENEXEC_DB_URL). Note: the service exposes inbound HTTP endpoints (intended) and scripts/run.sh binds 0.0.0.0 (public) while docs recommend binding to localhost; operator should pay attention to binding and firewall configuration before deployment.

✓ Install Mechanism

No installer in the registry metadata but the project is source-distributed with a requirements.txt and simple pip-based install steps. No downloads from untrusted URLs or archive extraction; dependencies are pinned in requirements.txt.

✓ Credentials

No required secret environment variables; optional env vars (CLAWSHIELD_PUBLIC_KEY, CLAWSHIELD_TENANT_ID, OPENEXEC_ALLOWED_ACTIONS, OPENEXEC_DB_URL) are appropriate for the documented functionality. The code documents that OPENEXEC_DB_URL may enable outbound DB network I/O.

ℹ Persistence & Privilege

Skill writes execution records to a local SQLite DB by default (sqlite:///openexec.db) and stores receipts — expected for this service. always:false and no cross-skill configuration modifications. Operators must still isolate runtime (container/VM) and avoid running as root because handlers execute with host process privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install openexec-skill
安装完成后，直接呼叫该 Skill 的名称或使用 /openexec-skill 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.10

## Summary: Security and documentation improvements; no runtime behavior changes. - Added explicit statement of execution safety guarantees (no dynamic loading, no runtime downloads, no code eval) to SKILL.md. - Enhanced SECURITY.md with clarified safety model and operator responsibilities. - Documentation files updated to emphasize static handler registry and immutable runtime. - No changes to service endpoints, environment variables, or execution logic.

v0.1.9

OpenExec 0.1.9 adds stricter supply chain controls and clarifies its offline, deterministic execution model. - Adds a security disclaimer: "No runtime package installation or dynamic downloads occur. All dependencies must be source-distributed and pinned." - Updates documentation (README.md, SKILL.md, replit.md) to emphasize source-based, immutable dependency handling and removal of any runtime pip usage. - Clarifies that OpenExec performs fully offline verification and dependency management, further reducing supply chain risk. - No changes to endpoints or runtime behavior.

v0.1.8

OpenExec v0.1.8 - Added SECURITY.md with security model, threat assumptions, and production hardening guidance. - Updated documentation (README.md, SKILL.md, replit.md) to reference SECURITY.md and clarify security responsibilities. - No breaking changes to execution logic or API endpoints.

v0.1.7

OpenExec 0.1.7 - Updated documentation in README.md, SKILL.md, and replit.md for clarity and usage guidance. - No behavioral or API changes; execution logic and endpoints remain unchanged. - Version bump to 0.1.7 for alignment with documentation updates. - requirements.txt and main.py may include minor updates but no breaking changes.

v0.1.6

- Updated version to 0.1.6. - Clarified skill does not perform outbound HTTP/RPC calls during execution (updated SKILL.md metadata). - No functional or API changes; documentation improvements only.

v0.1.5

- Clarified that OpenExec makes no outbound HTTP, RPC, or governance calls during execution or verification; all checks are fully offline. - Updated the description and documentation to note that outbound database network I/O occurs only if a networked DB is explicitly configured by the operator. - Revised wording throughout to specify "no outbound HTTP or governance calls" instead of "no outbound network calls." - No code or logic changes; documentation updates only.

v0.1.4

OpenExec v0.1.4 - Clarified that all verification and execution are fully offline, with no outbound network calls. - Updated environment variable handling: all variables are now optional for demo mode and OPENEXEC_DB_URL was added for execution record persistence. - Improved endpoint descriptions and health/status details. - Expanded documentation on security boundaries and clarified operational modes. - Updated governance integration notes, emphasizing separation of ClawShield SaaS.

v0.1.2

Initial public release with core governed execution features. - Implements a deterministic execution engine with two modes: demo and ClawShield (signed approvals). - Accepts only pre-approved actions and enforces replay protection (nonce/action hash). - Produces verifiable receipt hashes for every execution attempt. - Supports standalone operation (demo) and ClawShield governance mode (offline signature verification). - Includes health, readiness, version, execution, and receipt verification HTTP endpoints. - Provides sample configuration files, scripts, and demonstration tests.

v0.1.1

- Migrated SKILL.md to the new skill manifest format with structured metadata (name, slug, entrypoint, env vars, modes). - Expanded documentation with install, quickstart, endpoint, and mode instructions. - Clarified operation in both demo and ClawShield (governed) modes, including required environment variables. - Explained receipt generation and verification. - Separated feature lists for clear description of what the skill does and does not do. - Provided concise architecture context for the overall governed execution system.

v0.1.0

Initial release of OpenExec: a governed deterministic execution engine for AI agents. - Enforces strict governance: actions require explicit approval via ClawShield before execution. - Deterministic, auditable execution; generates immutable execution receipts recorded through ClawLedger. - Separates reasoning, authorization, and execution into distinct, replaceable layers. - Accepts structured execution requests and returns status, execution ID, and receipt hash. - Does not define policy, grant permission, or self-authorize actions.

元数据

Slug openexec-skill

版本 0.1.10

许可证 —

累计安装 5

当前安装数 5

历史版本数 10

常见问题

OpenExec — Deterministic Execution Boundary for Agent Systems 是什么？

Source-distributed deterministic execution service with pinned dependencies. Runs only with a signed approval artifact (ClawShield mode) and emits verifiable... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 888 次。

如何安装 OpenExec — Deterministic Execution Boundary for Agent Systems？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openexec-skill」即可一键安装，无需额外配置。

OpenExec — Deterministic Execution Boundary for Agent Systems 是免费的吗？

是的，OpenExec — Deterministic Execution Boundary for Agent Systems 完全免费（开源免费），可自由下载、安装和使用。

OpenExec — Deterministic Execution Boundary for Agent Systems 支持哪些平台？

OpenExec — Deterministic Execution Boundary for Agent Systems 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 OpenExec — Deterministic Execution Boundary for Agent Systems？

由 trendinghot（@trendinghot）开发并维护，当前版本 v0.1.10。