Total downloads: 8867
Favorites: 8
Current installs: 121
Versions: 10
Install in OpenClaw
/install safe-exec
Description
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Security usage recommendations
Install only if you are comfortable letting this skill execute shell commands with your user privileges. Keep SAFE_EXEC_AUTO_CONFIRM and OPENCLAW_AGENT_CALL bypass flows off for untrusted workflows, do not rely on the audit log as tamper-proof, avoid passing secrets in prompts/context, and use OS/container sandboxing for destructive or privileged command work.
Functional analysis
Type: OpenClaw Skill
Name: safe-exec
Version: 0.3.4
The 'safe-exec' skill is presented as a security tool to intercept and require approval for dangerous shell commands executed by an AI agent. Its documentation (SKILL.md, READMEs, CLAWDHUB_SECURITY_RESPONSE.md) explicitly states no network calls, monitoring, or credential requirements, and the developer has actively removed previously problematic features. However, the core scripts (`scripts/safe-exec.sh` and `scripts/safe-exec-approve.sh`) use `eval "$COMMAND"` to execute commands. This is a critical shell injection vulnerability, as a sophisticated attacker could potentially bypass the risk assessment regexes or manipulate the command string to achieve arbitrary code execution, even for commands deemed 'low' risk or after user approval. Despite the clear intent to provide a security layer, this significant RCE risk makes the skill suspicious.
Capability assessment
Purpose & Capability
The purpose is coherent: a local shell-command risk checker with pending approvals and audit logs. The concern is that the security boundary is weaker than the approval-tool framing: approved, low-risk, disabled, and context-downgraded paths all execute raw shell strings with eval.
Instruction Scope
The documentation discloses agent-mode bypasses, but also says commands wait for explicit confirmation. Broad enable/install phrases and free-form context keywords make the activation and approval scope too loose for a tool that gates destructive commands.
Install Mechanism
Installation is a disclosed GitHub clone plus executable scripts and optional PATH symlinks. I found no hidden installer, credential request, or runtime network behavior beyond the declared clone source.
Credentials
The declared local writes fit the purpose, and no network or credential use was found. However, environment variables can disable protections or skip confirmation, and SAFEXEC_CONTEXT can be used to downgrade risk and may be logged with user context.
Persistence & Privilege
The skill stores pending requests, rules, and audit logs under ~/.openclaw and runs commands with the user's shell privileges. There is no background daemon in the inspected artifacts, but the approval helper can execute queued commands non-interactively.
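How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install safe-exec
- Once installation completes, invoke the Skill by name or trigger it with /safe-exec
- Provide the required inputs according to the Skill's parameter description to get structured output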
Version history
v0.3.4
fix: Fix YAML metadata format to meet ClawHub requirements
v0.3.3
Security enhancement
v0.3.2
Add backward compatibility symlinks and improved documentation. Project restructuring with zero breaking changes - all existing users can upgrade without any modifications. New conversational installation method added.
v0.3.1
Remove markdown formatting from description, ensure English-only text
v0.3.0
Add quick install guide and GitHub issue link in description
v0.2.8
Clarify platform-agnostic design - works via in-session terminal notifications, independent of communication tools
v0.2.7
Fully English documentation with global enable mode (Enable SafeExec)
v0.2.6
Update usage to global enable mode (开启 SafeExec) instead of per-command execution
v0.2.5
Update documentation to English with conversational usage examples
v0.2.4
Fix non-interactive environment hang issue
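FAQ
What is Safe Exec?
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 8867 cumulative downloads to date.
How do I install Safe Exec?
Run the command "/install safe-exec" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is Safe Exec free?
Yes, Safe Exec is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Safe Exec support?
Safe Exec is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Safe Exec?
Developed and maintained by OTTTTTO (@ottttto); the current version is v0.3.4.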