Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
safe-shell-execution-claude-code
v1.0.0
Perform layered safety checks on shell commands: detect injections, warn before destructive ops, protect sensitive paths, and require confirmations before ex...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description match the SKILL.md: it's an instruction-only safety wrapper for shell execution. However the SKILL.md claims provenance from Claude Code and that internal files live in ~/.claude — a provenance claim that is unverifiable and unnecessary for the skill to function. That mismatch should be questioned but doesn't by itself break the purpose alignment.
Instruction Scope
The instructions are prescriptive but also technically overbroad and ambiguous. Examples: Layer 1 lists '${}' (parameter expansion) and other common shell constructs as patterns to 'reject directly' — this would block many benign, normal commands (e.g., echo ${HOME}, PATH manipulations). The guidance lacks a precise parsing strategy (how to detect writes vs reads, redirections, quoted expansions, or environment-variable-based paths), and does not specify exact regexes or a safe implementation approach. It also requires interactive confirmations but gives no guidance on how confirmations are surfaced/recorded. These make the instructions hard to implement correctly and could cause frequent false positives or surprising refusals.
Install Mechanism
Instruction-only skill with no install spec, no executable downloads, and no code files — minimal installation risk and nothing is written to disk by the skill itself.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The sensitive-path list is reasonable as items to protect, but the skill does not ask for access to them. The provenance claim about reading ~/.claude is uncorroborated and should be treated skeptically.
Persistence & Privilege
always is false and there is no install-time persistence requested. The skill can be invoked autonomously (platform default) which is expected for a runtime safety helper; that by itself is not a red flag. There is no request to modify other skills or system-wide settings.
What to consider before installing
This skill is low-install-risk (instruction-only) and does aim to do something useful, but its rules are currently too blunt and ambiguous to trust without clarification. Before installing or relying on it:
1) Ask the author to justify and narrow any outright 'reject' rules (in particular the '${}'/parameter-expansion rejection) and to provide exact patterns or a proper shell parser approach rather than plain substring matches.
2) Request evidence for the provenance claim (what was copied from ~/.claude and why), or remove it.
3) Ask how confirmations are presented, logged, and how false positives are handled.
4) Test the rules in a safe sandbox to see how often benign commands are blocked and whether required confirmations are usable.
If you cannot get clear answers or implementation details, treat the skill as brittle and avoid depending on it for production safety.
Like a lobster shell, security has layers — review code before you run it.
