Run Command Safety Check
v1.0.0在执行 shell 方案前检查危险模式,如 pipe-to-shell、覆盖式删除、危险重定向或混淆执行。;use for shell, security, command-review workflows;do not use for 提供攻击性命令, 帮用户绕过限制.
⭐ 0· 93·0 current·0 all-time
byvx:17605205782@52yuanchangxing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the included assets (SKILL.md, resources/spec.json, template) and the shipped script. Required binary is only python3, which is appropriate for a local text/pattern auditor. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md stays on‑purpose: it instructs the agent to audit commands and scripts and prefer read-only review. The runtime script will read files from the provided input path (file or directory) and search/emit pattern matches. This is expected, but it means the tool can read arbitrary files you give it (including files containing secrets). The script masks matched secrets only partially (keeps first 4 chars then '***'), which could leak identifying fragments; it does not exfiltrate data or make network calls.
Install Mechanism
No install spec; the skill is instruction- and script-based and relies on python3 and the standard library. No remote downloads or package installs are performed.
Credentials
No environment variables, credentials, or config paths are requested. The only runtime dependency is python3. The script does scan for secret-like patterns (appropriate for its purpose) but the partial redaction behavior (revealing first 4 chars) is something users should be aware of.
Persistence & Privilege
always:false and no code writes to agent/global config. The script can write an output file if invoked with --output (normal behavior for a local tool), but it does not request elevated or persistent privileges.
Scan Findings in Context
[PATTERN_curl_pipe_bash] expected: The script looks for 'curl ... | bash' patterns to flag pipe-to-shell execution, which is expected for a command-safety auditor.
[PATTERN_dangerous_rm] expected: The 'rm -rf' detection is appropriate for identifying destructive delete patterns.
[PATTERN_base64_exec] expected: Detection of base64 decode piped to shells or python is expected for obfuscated execution patterns.
[PATTERN_secret_like] expected: The script searches for secret-like key=value patterns and masks matches partially; this detection is expected, but the masking reveals the first four characters which may be sensitive in some contexts.
[PATTERN_private_url] expected: Matching URLs that imply admin/internal/private paths is consistent with auditing for secrets or sensitive endpoints.
Assessment
This skill is coherent and runs locally with only python3 required. Before using it: (1) only point it at files/directories you intend to scan — do not pass root/system or other sensitive directories; (2) prefer sanitized inputs (remove or redact secrets) because the tool may surface snippets (it masks matches but keeps the first 4 characters); (3) use --dry-run or run against a small sample first; (4) review outputs before sharing — the tool does not network out, but its outputs could contain sensitive context; and (5) if you need stricter redaction, inspect/modify scripts/run.py to change the masking behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk973tm0n20prrjqdhf4dzvvw0n837btr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🛑 Clawdis
OSmacOS · Linux · Windows
Binspython3