- Total downloads: 841
- Favorites: 1
- Current installs: 4
- Versions: 3
Install in OpenClaw
/install terminal-killer
Description
Intelligent shell command detector and executor for OpenClaw. Automatically identifies terminal commands (system builtins, $PATH executables, history matches...
Safe-use recommendations
This skill does what it says: it will detect and run shell commands using your real shell environment. That requires sourcing your dotfiles (~/.zshrc, ~/.bashrc) and reading shell history; both are legitimate for this task but are risky because dotfiles can run arbitrary code and history or command outputs may contain secrets (API keys, tokens, passwords). Before installing or enabling:
1) Review the source (you have it) and confirm you trust the author.
2) Inspect your shell init files for unexpected network calls or side effects (and consider running the skill under a sanitized shell or user).
3) Disable or restrict logging or ensure logs (~/.openclaw/logs/...) are stored securely.
4) Configure the skill to require interactive approval for execution (raise the confidence threshold or force approval for anything non-trivial) and avoid enabling fully autonomous execution if you cannot audit every invocation.
5) If you need minimal privilege, prefer not to allow it to source dotfiles, or limit MAX_HISTORY_CHECK to 0.
If you want to proceed but are unsure, keep it disabled by default and only run detect-only tests (node scripts/detect-command.js) rather than executing commands.
Functional analysis
Type: OpenClaw Skill
Name: terminal-killer
Version: 1.2.0
The skill is designed to execute shell commands directly, which is a high-risk capability by nature. It attempts to mitigate this with dangerous command detection and an approval workflow. However, a critical vulnerability exists in `scripts/detect-command.js` and `scripts/exec-command.js` (and other execution paths) where user-controlled shell initialization files (e.g., `~/.zshrc`, `~/.bashrc`) are sourced via `execSync` before executing `which` or the user's command. This means any malicious code in these config files could be executed during the command detection phase, even if the user's input is not ultimately approved for execution, leading to a potential Remote Code Execution (RCE) vulnerability. While the author explicitly states the skill does not perform external API calls or data exfiltration, the inherent risk of direct shell execution with full user environment and the specific RCE vulnerability during detection make it suspicious.
Capability assessment
Purpose & Capability
Name/description (detect + execute shell commands) match the actual implementation: detector, executor, interactive opener. Executing commands with the user's environment, checking $PATH and shell history, and opening new terminal windows are coherent with the stated goal.
Instruction Scope
Runtime instructions and code explicitly source user shell init files (e.g. ~/.zshrc, ~/.bashrc) and read shell history (~/.zsh_history, ~/.bash_history). Sourcing init files executes whatever is in them; reading history and command outputs may surface secrets. These behaviors extend beyond simple command detection and create sensitive read/execute surface that users should expect but be cautious about.
Install Mechanism
No installer or remote downloads; this is an instruction+code bundle that runs locally. That lowers supply-chain risk because nothing is fetched at install time.
Credentials
The skill requests no explicit credentials, but it inherits process.env and deliberately sources shell init files to obtain PATH and env vars, and it reads shell history files. Those actions are plausible for running user commands, but they give the skill access to sensitive local data (history, env vars, and any code executed during sourcing). The skill also logs commands and outputs (per README/SKILL.md), which may record secrets.
Persistence & Privilege
always:false (good), but the skill can be invoked autonomously by the agent (default). Combined with the ability to execute arbitrary shell commands and to source init files / read histories / open terminals, this gives a high blast radius if misclassification or malicious inputs occur. The skill does not modify other skills or system configs, but its execution privileges are powerful.
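How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install terminal-killer`
- Once installation completes, call the Skill by name or use `/terminal-killer` to trigger it
- Provide the required input according to the Skill's parameter description to get structured output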
Version history
v1.2.0
- Updated documentation in README.md for improved clarity and detail.
- Updated metadata in clawhub.json.
- No changes to core detection logic or execution rules.
v1.1.0
v1.1.0: 1) Faithful command execution, 2) Interactive shell detection, 3) Long output handling
v1.0.0
Initial release: Smart command detector with cross-platform support
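FAQ
What is Terminal Killer?
Intelligent shell command detector and executor for OpenClaw. Automatically identifies terminal commands (system builtins, $PATH executables, history matches... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 841 cumulative downloads to date.
How do I install Terminal Killer?
Run the command "/install terminal-killer" in the OpenClaw or Claude Code chat box to install it in one step, with no extra configuration.
Is Terminal Killer free?
Yes, Terminal Killer is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Terminal Killer support?
Terminal Killer is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Terminal Killer?
It is developed and maintained by cosperypf (@cosperypf); the current version is v1.2.0.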