Skill Runner

Author: xpneuma · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
116 total downloads · 0 favorites · 1 current install · 1 version
Install in OpenClaw
/install skill-runner
Description
Enables secure execution of specified OpenClaw skills via cron jobs by forwarding agentTurn messages and passing the necessary context.
Security recommendations
This skill can run other local skills by importing their index.js and passing them the runner's full context. Before installing, consider:
  1. The code hard-codes /home/bosunjung/... — confirm that path is correct for your environment or request that the author make the base path configurable.
  2. The message payload ("run <skill-name>") is not sanitized or allowlisted — an attacker who can send cron payloads or agentTurn messages could request 'run ../../some/path' and cause arbitrary local file execution. Require an allowlist of permitted skill names or validate against a strict pattern (e.g., /^[a-z0-9_-]+$/).
  3. The runner forwards its full context (tools, sessions) to the invoked skill — limit the context or use capability-scoped proxies so untrusted skills can't access more than they need.
  4. Run this skill as a least-privileged user and ensure the runtime cannot read sensitive files from the filesystem; avoid running as root.
  5. Ask the author to remove the hard-coded username path, add input sanitization, implement an allowlist, and document exactly which capabilities are passed to invoked skills.
If you cannot confirm these changes, consider this skill risky and avoid installing it on production or multi-tenant systems.
Functional analysis
Type: OpenClaw Skill · Name: skill-runner · Version: 1.0.0
The skill implements dynamic code execution by importing and running arbitrary JavaScript files based on user-provided input in index.js. It is highly vulnerable to path traversal because the 'skillToRun' parameter is not sanitized before being used to construct a file path, allowing potential execution of any 'index.js' file on the filesystem. While the stated purpose is to facilitate cron jobs, the combination of dynamic imports, lack of input validation, and a hardcoded absolute path (/home/bosunjung/) represents a significant security risk.
Capability assessment
Purpose & Capability
The skill's goal (invoke another skill's exported skill() function with the same context) is consistent with its name and description, but the implementation uses a hard-coded absolute path (/home/bosunjung/.openclaw/workspace/skills) and will attempt to import arbitrary files. The hard-coded username path is unexpected and likely incorrect for most installations. Allowing arbitrary skill names to resolve to filesystem paths is broader than the description implies.
Instruction Scope
SKILL.md promises a 'secure' proxy that passes a context object to a target skill. The code indeed forwards the full context to the imported skill, but there is no validation, allowlist, or sanitization of the requested skill name. This enables directory traversal (e.g., '../') and arbitrary local module execution, and it grants the target skill the same tools/privileges the runner has — behavior that is potentially dangerous and not mitigated by the instructions.
Install Mechanism
No install spec and no external downloads are present; the skill is instruction/code-only. That minimizes supply-chain install risk. The included index.js should still be reviewed and audited before use.
Credentials
The skill declares no environment variables or credentials (which is proportionate). However, it accesses the host filesystem at an absolute path and dynamically imports local modules; filesystem access is implicit and broad. The hard-coded path is suspicious and may expose unintended files if the runtime user has wide filesystem permissions.
Persistence & Privilege
always is false and the skill doesn't request special platform privileges. However, because it can be invoked (cron payloads or other agentTurn messages) to execute arbitrary local code and passes its own context into that code, it effectively widens the blast radius of any skill that can be invoked through it. That makes message-source validation and allowlisting important.
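How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install skill-runner
  3. Once installation completes, call the skill by name or trigger it with /skill-runner
  4. Provide the required input according to the skill's parameter documentation to get structured output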
Version history
v1.0.0
Initial release of Skill Runner – a tool to trigger other OpenClaw skills via scheduled or indirect invocation.
- Enables secure, dynamic execution of skill functions based on incoming messages.
- Passes full context (tools, session) to the target skill.
- Designed for use with cron jobs or similar agentTurn triggers.
- Standard message-based interface (e.g., run <skill-name>).
Metadata
Slug skill-runner
Version 1.0.0
License MIT-0
Total installs 1
Current installs 1
Version count 1
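FAQ

What is Skill Runner?

Enables secure execution of specified OpenClaw skills via cron jobs by forwarding agentTurn messages and passing the necessary context. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 116 total downloads to date.

How do I install Skill Runner?

Run the command "/install skill-runner" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is Skill Runner free?

Yes, Skill Runner is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.

Which platforms does Skill Runner support?

Skill Runner runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Skill Runner?

Developed and maintained by xpneuma (@xpneuma); the current version is v1.0.0.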
