← 返回 Skills 市场
283
总下载
1
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install safe-terminal-runner
功能描述
Forces the AI to use a "temporary file + environment variable isolation" workflow for script execution, completely resolving terminal freezes and escaping er...
安全使用建议
This skill's approach (create temp_*.js/.ts files, run them, then delete) is coherent for avoiding shell-escaping and terminal hangs. However, it specifically instructs loading environment variables from the workspace (.env via dotenv) and editing .gitignore, which means the agent will read project secrets and modify repository files. Before installing or using this skill: 1) confirm you are ok with the agent creating and deleting files in your workspace; 2) avoid storing sensitive secrets in any .env file in the workspace or ensure they are not accessible to the agent; 3) require the agent to show the temporary script contents and get manual approval before execution; 4) review and approve any .gitignore changes before they are written; 5) prefer running such operations in an isolated test environment or container if you must allow automated script creation. If you expect the skill to never access secrets, ask the author to remove the explicit dotenv requirement and to require interactive approval for executing generated scripts.
功能分析
Type: OpenClaw Skill
Name: safe-terminal-runner
Version: 1.0.0
The 'safe-terminal-runner' skill provides a set of operational guidelines for the AI agent to improve script execution reliability by using temporary files instead of inline terminal commands. It focuses on resolving common shell escaping issues in Windows and Bash environments and includes standard practices such as environment variable loading via 'dotenv' and automated cleanup of temporary files (SKILL.md).
能力评估
Purpose & Capability
Name/description (safe script runner, avoid inline shell execution) align with the SKILL.md workflow of creating temporary standalone script files and executing them instead of inline commands.
Instruction Scope
The instructions require creating, executing, and deleting temporary files in the project workspace and explicitly instruct adding temp_* to .gitignore; they also insist on loading environment variables inside those files (dotenv). These steps go beyond just avoiding shell-escaping problems because they give the agent permission to read workspace files (.env), write to repo config (.gitignore), and create script files that may contain sensitive data. The SKILL.md does not constrain what can be written into the temporary scripts or require human review before execution.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is downloaded or written by an installer. This is low-risk from an installation perspective.
Credentials
The skill instructs use of dotenv (import 'dotenv/config' or require('dotenv').config()) to explicitly load environment variables from project files, but the registry metadata declares no required credentials. Encouraging automatic loading of .env files gives the skill access to any secrets stored there and increases the chance sensitive values are written into temporary scripts or logged. The requirement to 'explicitly load environment variables rather than relying on external environment injection' is unusual and may be disproportionate to the stated purpose.
Persistence & Privilege
The skill is not set to always:true and does not install itself, but it instructs modifying .gitignore and creating files in the working directory. That requires write access to the repository/workspace and could change project configuration; this is a limited privilege but worth noticing.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install safe-terminal-runner - 安装完成后,直接呼叫该 Skill 的名称或使用
/safe-terminal-runner触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of safe-terminal-runner.
- Enforces a "temporary file + environment variable isolation" workflow for script execution to reliably prevent terminal freezes and escaping errors.
- Strictly prohibits inline execution of complex scripts using `node -e` or `python -c` and complex command-line string constructions.
- Requires creating, executing, and cleaning up standalone temporary files for all non-trivial scripts.
- Introduces clear error-handling steps to recover from terminal hangs or input prompts.
- Ensures all temporary scripts are prefixed with `temp_` and excluded from version control.
元数据
常见问题
Safe Script Runner 是什么?
Forces the AI to use a "temporary file + environment variable isolation" workflow for script execution, completely resolving terminal freezes and escaping er... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 283 次。
如何安装 Safe Script Runner?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install safe-terminal-runner」即可一键安装,无需额外配置。
Safe Script Runner 是免费的吗?
是的,Safe Script Runner 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Safe Script Runner 支持哪些平台?
Safe Script Runner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Safe Script Runner?
由 zaynzhu(@zaynzhu)开发并维护,当前版本 v1.0.0。
推荐 Skills