Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Exec Permission

v1.0.0

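OpenClaw exec security permission configuration guide. Used to configure the security and ask parameters of tools.exec and to manage agent command-execution permissions. Trigger words: exec permissions, security configuration, privilege escalation, exec security, ask off, allowlist.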

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name/description claim to manage tools.exec security and ask parameters, and the SKILL.md directly provides instructions to do exactly that. This is coherent — a config guide legitimately would show how to change these fields. However, the provided example uses a hard-coded absolute path (/home/zzclaw/.openclaw/openclaw.json) which may not match the operator's environment and suggests the doc was copied from a single-machine context without parameterization.
Instruction Scope
Instructions tell the user/agent to manually edit a protected config path (bypassing API safeguards) and set security='full' and ask='off', then restart the gateway. That directly lowers host-level protections and allows unrestricted command execution. The SKILL.md gives a runnable Python one-liner that reads/writes the target file and a restart command — this is precise and actionable for agents and could be used to escalate privileges. The doc does not require backups, permission checks, or confirm whether the operator has authority to change the file; it also hardcodes a user home path which could lead to accidental edits to the wrong user's config.
Install Mechanism
This is an instruction-only skill with no install steps and no remote downloads, so there's no install-time code execution risk. That lowers supply-chain risk relative to skills that install binaries.
Credentials
The skill does not declare any required env vars, but its runtime instructions access and modify a local configuration file under a specific absolute path, which implies file-system and service-control privileges. Asking operators/agents to change protected config keys and restart the gateway is a privileged action; these privileged operations are disproportionate relative to a harmless 'guide' and should require explicit admin controls. The SKILL.md does not justify why API-based config.patch is unusable other than an error message, nor does it suggest safer alternatives.
Persistence & Privilege
Although always:false, the skill (if invoked) instructs persistent changes to the agent runtime (modifying openclaw.json and restarting the gateway), which permanently changes exec authorization behavior. Because disable-model-invocation is false (default), an agent with permission to run skills could itself perform the provided steps and remove exec protections — increasing blast radius. The skill advocates bypassing protected paths rather than using documented, auditable APIs.
What to consider before installing
This guide is coherent with its stated purpose (it shows how to change tools.exec.security and tools.exec.ask), but it also teaches how to bypass intended protections by editing a protected config file and restarting the gateway. Before using or installing this skill:
1) Verify you are an authorized admin and that the hard-coded path (/home/zzclaw/...) actually points to the target configuration on your host; don't run the one-liner blindly.
2) Make a backup of the config file and ensure you have console access in case the restart breaks the gateway.
3) Prefer documented, auditable APIs or an operator-led change process; avoid setting security='full' and ask='off' on production or shared systems.
4) Because the skill can be run by agents autonomously, consider disabling model invocation or restricting who/what can run this skill if you keep it.
5) Treat this skill as privileged: only install it if you trust its source (source unknown) and understand the operational and security consequences.

Like a lobster shell, security has layers — review code before you run it.

latestvk979zzscjrt0bqrpjtm1tyqc858422dr

Runtime requirements

🔒 Clawdis