ClawHub

Terminal Executor

Security checks across malware telemetry and agentic risk

Overview

This skill openly lets an agent run unrestricted local terminal commands, including sudo commands, so it needs careful review before use.

Install only if you intentionally want an agent to run shell commands on your machine, including privileged sudo commands. Use it only in a sandbox or low-risk environment, review every command before execution, and avoid unattended use on systems with sensitive files, credentials, or important workloads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (11)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation condition is very broad: it triggers for general requests involving system commands, software installation, or status checks, which are common and high-risk actions. In a skill that exposes both unrestricted command execution and sudo-capable execution, overly broad routing materially increases the chance the agent will invoke dangerous capabilities without sufficiently narrow user intent or additional safeguards.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The activation condition, "When user needs to run system commands or install software," is broad enough to trigger on many ordinary requests and route them into a skill that exposes command execution and sudo-capable tooling. In the context of a terminal-execution skill, overly loose activation increases the chance of unnecessary or unsafe invocation, which can expand the attack surface and enable harmful system actions from ambiguous prompts.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation condition 'When user needs to run system commands' is so broad that the skill could be invoked for a wide range of requests without clear boundaries, increasing the chance of unsafe or unintended command execution. In a skill that exposes both exec and sudo_exec, ambiguous activation materially raises the risk of privilege misuse or overbroad delegation.

Missing User Warnings

High
Confidence
98% confidence
Finding
The manifest explicitly advertises sudo-capable command execution but provides no warning, gating, or safety language about privileged actions. This is dangerous because users or orchestrators may invoke the skill without understanding that it can perform root-level modifications, leading to system compromise, destructive changes, or persistence if abused.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This helper executes an arbitrary shell command string via child_process.exec and forwards the full parent process environment into that shell. In an agent skill context, if untrusted or model-influenced input reaches the command or the spawned process, this can lead to arbitrary command execution and exposure of secrets such as API keys, tokens, and other sensitive environment variables.

Missing User Warnings

High
Confidence
98% confidence
Finding
The module prepends `sudo` to an arbitrary caller-supplied command and executes it through `child_process.exec`, which invokes a shell. This creates a high-risk path for privilege escalation and shell command injection, especially because there is no allowlist, validation, or user confirmation before running privileged operations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Passing `{ ...process.env, ...options.env }` into a sudo-launched command can expose sensitive environment variables and lets the caller influence the execution environment of a privileged process. Environment-based manipulation can alter command behavior, leak secrets to subprocesses, or undermine assumptions about how the elevated command runs.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
module.exports = {
name: 'terminal-executor',
version: '1.0.0',
description: 'Execute terminal commands with sudo support',
tools: {
exec: require('./tools/exec'),
sudo_exec: require('./tools/sudo_exec')
Confidence
92% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
{
"name": "@openclaw/terminal-executor",
"version": "1.0.0",
"description": "Execute terminal commands with sudo support",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
Confidence
87% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
{
"name": "terminal-executor",
"version": "1.0.0",
"description": "Execute terminal commands with sudo support",
"tools": ["exec", "sudo_exec"],
"activation": "When user needs to run system commands"
}
Confidence
96% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
module.exports = async (command, options = {}) => {
try {
const fullCommand = `sudo ${command}`;
const { stdout, stderr } = await execAsync(fullCommand, {
cwd: options.cwd || process.cwd(),
env: { ...process.env, ...options.env },
Confidence
97% confidence
Finding
sudo

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal