← 返回 Skills 市场
193
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install shell-safe-exec
功能描述
Safely run project-local build, test, lint, format, type-check, and install commands with strict restrictions to prevent destructive or system-wide effects.
安全使用建议
This skill is internally consistent and lightweight, but it is instruction-only — its safety guarantees depend on the agent and host sandbox actually enforcing the rules. Before using: (1) Confirm the agent runtime enforces workspace isolation and cannot access files outside the repo or escalate privileges. (2) Be cautious when installing dependencies: package registries and package install scripts can execute arbitrary code (supply-chain risk). (3) Prefer invoking this skill with explicit, pinned commands rather than open-ended requests (avoid "run whatever tests are needed"). (4) Do not provide secrets or sensitive host config in the workspace. (5) If possible, run first on a disposable/CI container to validate behavior and logs.
功能分析
Type: OpenClaw Skill
Name: shell-safe-exec
Version: 0.1.0
The skill bundle 'shell-safe-exec' provides defensive instructions for an AI agent to perform project-related shell tasks like building, testing, and linting. The instructions in SKILL.md and agents/openai.yaml explicitly forbid destructive operations, privilege escalation, and network scanning, while emphasizing the need to treat user input as untrusted to prevent command injection. No malicious code, exfiltration logic, or suspicious behaviors were identified.
能力评估
Purpose & Capability
The name/description (safe, repo-local exec for build/test/lint/install) matches the SKILL.md. The skill declares no binaries, env vars, or installs that would be unrelated to its stated purpose.
Instruction Scope
The SKILL.md explicitly forbids destructive/system-wide actions, limits commands to the project workspace, and instructs treating user inputs as untrusted. However, enforcement is entirely procedural (relies on the agent following rules) and contains some subjective phrasing (e.g., "when the task can be completed without risky system operations"). The doc also permits installing dependencies via the project's package manager, which necessarily involves network access to registries and running package scripts — an expected but real supply-chain risk that the instructions do not further constrain.
Install Mechanism
No install spec and no code files — instruction-only skill. This is the lowest-risk install model because nothing is written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested; nothing appears disproportionate to the stated purpose.
Persistence & Privilege
always is false. The included agents/openai.yaml sets allow_implicit_invocation: false, reducing risk of implicit/autonomous invocation. The skill does not request persistent system presence or modify other skills.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install shell-safe-exec - 安装完成后,直接呼叫该 Skill 的名称或使用
/shell-safe-exec触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
initial release
元数据
常见问题
Shell Safe Exec 是什么?
Safely run project-local build, test, lint, format, type-check, and install commands with strict restrictions to prevent destructive or system-wide effects. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 193 次。
如何安装 Shell Safe Exec?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install shell-safe-exec」即可一键安装,无需额外配置。
Shell Safe Exec 是免费的吗?
是的,Shell Safe Exec 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Shell Safe Exec 支持哪些平台?
Shell Safe Exec 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Shell Safe Exec?
由 sf0799(@sf0799)开发并维护,当前版本 v0.1.0。
推荐 Skills