Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Run

v1.0.0

The universal execution primitive for AI agents. A secure, sandboxed environment designed to compile, execute, and manage code, scripts, and automated workfl...

0· 406·3 current·3 all-time

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for duclawbot/run.

Install the skill "Run" (duclawbot/run) from ClawHub.
Skill page: https://clawhub.ai/duclawbot/run
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install duclawbot/run

ClawHub CLI


npx clawhub@latest install run

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description match the SKILL.md: this is intended as a universal execution primitive. However, the document claims hardware-level sandboxing (gVisor/Firecracker), network isolation, biometric confirmations, and deployment to cloud-edge nodes while the skill is instruction-only and requests no binaries, installs, or credentials. Those runtime capabilities would require privileged host components and install steps that are not declared — a mismatch between claims and what the skill actually requires/provides.
! Instruction Scope
The instructions grant broad, open-ended authority: 'execute' arbitrary code snippets with auto-dependency injection, 'automate' long-running jobs, and 'deploy' to production/edge. The SKILL.md is high-level and lacks concrete, enforceable steps for how sandboxing, network whitelisting, or biometric confirmations are implemented. Vague guidance like this gives the agent wide discretion to run or schedule arbitrary code without clear, auditable constraints.
Install Mechanism
There is no install spec or code — instruction-only. That is lowest-risk from a supply-chain perspective, but it also means the file is purely a policy/behavior description and cannot actually provide the claimed sandboxing or system-level protections. The absence of an implementation is itself a security and trust problem.
Credentials
The skill declares no required environment variables, binaries, or config paths, which on the surface is proportionate. However, its stated capabilities (deploying to cloud-edge, integrating hardware sandboxes) typically require credentials, host agents, or binaries; their absence is an unexplained inconsistency.
! Persistence & Privilege
always is false (good) but model invocation is allowed (default). Because the SKILL.md authorizes running arbitrary code and scheduling automated tasks, allowing autonomous invocation increases risk: an agent could trigger executions without clear, enforceable controls. The combination of vague execution authority and autonomous invocation is concerning.
What to consider before installing
This SKILL.md reads like a high-level specification rather than an implemented, reviewable feature. Before installing, ask the publisher for: (1) implementation code or an install spec showing how sandboxing, network isolation, and biometric confirmation are enforced; (2) a list of required host binaries, services, and credentials (e.g., gVisor, Firecracker, cloud keys) and why each is needed; (3) an access-control and audit plan (how executions are logged, who can approve high-risk actions, how whitelists are managed); (4) provenance (who operates the runtime and where it runs). If you cannot review an implementation, avoid enabling autonomous invocation for this skill and prefer manual invocation only. Treat this skill as potentially dangerous until its concrete implementation and least-privilege controls are provided and reviewed.

Like a lobster shell, security has layers — review code before you run it.

Tags: automation, code, compute, execute, latest, run
406 downloads
0 stars
1 version
Updated 18h ago
v1.0.0
MIT-0

# Run: The Execution Layer

## Philosophy

Thinking without acting is hallucination. Acting without a secure environment is a risk. Run provides the standardized, sandboxed interface where an agent's plans become reality. It is the final step in the "Think-Plan-Execute" cycle.

## Execution Engine Specs
```
{
  "runtime":    "Polyglot support (Python, JS, Rust, Bash, SQL)",
  "security":   "Strict hardware-level sandboxing (gVisor/Firecracker)",
  "state":      "Ephemeral or Persistent session management",
  "concurrency": "Parallel task execution with dependency resolution"
}
```

---

## Core Primitives
```
FUNCTIONS = {
  "execute": {
    "scope":   "Run arbitrary code snippets with auto-dependency injection",
    "trigger": "Run this script"
  },
  "automate": {
    "scope":   "Long-running cron jobs and event-driven triggers",
    "trigger": "Run this every Monday at 9AM"
  },
  "deploy": {
    "scope":   "Instant deployment of local logic to cloud-edge nodes",
    "trigger": "Run this in production"
  }
}
```

---

## Safety & Governance
1. **Resource Capping**: Prevents infinite loops and CPU/Memory exhaustion.
2. **Network Isolation**: Blocks unauthorized outbound requests unless whitelisted.
3. **Human-in-the-loop**: High-risk commands (e.g., `rm -rf`) require explicit biometric confirmation.

---

## Use Cases
- **Data Science**: "Run a regression analysis on this CSV and output the chart."
- **Web Scraping**: "Run a scan of these 50 URLs and extract the pricing data."
- **System Admin**: "Run the cleanup script if disk usage exceeds 80%."
---
