ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nix Run

v1.0.0

Execute **ANY** command via Nix, regardless of whether it is installed or the local version is outdated. Access 100,000+ packages from nixpkgs-unstable with...

0· 113·0 current·0 all-time
byDouble Dimos@msdimos

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for msdimos/nix-run.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Nix Run" (msdimos/nix-run) from ClawHub.
Skill page: https://clawhub.ai/msdimos/nix-run
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install nix-run

ClawHub CLI

Package manager switcher

npx clawhub@latest install nix-run
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to 'run ANY command via Nix' and its script implements exactly that by detecting local commands, using nix-locate to find packages, and calling 'nix shell github:NixOS/nixpkgs/nixpkgs-unstable#<pkg> -c'. Requiring Nix and nix-index/nix-locate is coherent for this purpose, but the SKILL.md's messaging ('zero installation') can be misleading because Nix (and optionally nix-index) must be present for the script to work.
Instruction Scope
The SKILL.md gives concrete, narrow runtime instructions that map to the included script. It does not instruct reading unrelated files or exfiltrating data. It does strongly require the agent always use the provided script rather than calling nix directly, which is unusual but consistent with the script providing lookup/behavioral logic.
Install Mechanism
There is no install spec; the skill is instruction + script only. Nothing is downloaded or written by an automated install step in the skill bundle itself (lowest installer risk).
Credentials
The skill declares no environment variables or credentials and the script likewise does not read secrets. It does require the host to have Nix (and optionally nix-index/nix-locate) available; those requirements are proportional to the stated functionality.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not persist credentials. It only runs the included shell script when invoked.
Assessment
This skill implements what it claims: it auto-finds packages in nixpkgs-unstable and runs requested commands by invoking 'nix shell' on the specified package(s). Before installing/using it, consider: 1) Nix must be installed on the host (and nix-index/nix-locate for lookups); the SKILL.md's 'zero installation' refers to target tools, not Nix itself. 2) The script pulls packages from the live nixpkgs-unstable flake (network fetches) and executes those binaries with access to your filesystem and network — this is inherent to its design and is a supply‑chain/execution risk if you run untrusted commands or packages. 3) The skill intentionally discourages recommending local installs and insists the agent use its script; be aware this changes normal troubleshooting guidance. 4) If you need stronger guarantees, use pinned/narrower package references instead of nixpkgs-unstable, audit the script, and avoid running untrusted package names/commands. Additional provenance (author, homepage, changelog, or third‑party review) would increase confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk9754s4we9ahxqbsf02ss3e0nx8383n6
113downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Double Dimos@msdimos
latest
Download

nix-run — Universal CLI Tool Runner via Nix

Automatically find and run any CLI tool through Nix with zero configuration. If the tool is installed locally, it runs directly with no overhead. If not, it auto-fetches from nixpkgs (100,000+ packages) on the fly.

CRITICAL RULES

  1. ALWAYS run CLI tools through scripts/nix-run.sh — even if you think the tool might already be installed. The script checks locally first (zero overhead) and auto-fetches via nix only if missing.
  2. NEVER install packages via apt, brew, pip install, npm install -g, cargo install, or any other package manager. This system uses nix exclusively.
  3. NEVER suggest the user install anything. Just run it through nix-run.
  4. NEVER use nix shell or nix run directly. Always go through scripts/nix-run.sh which handles package detection automatically. For multi-package environments, use --shell.
  5. On "command not found": Do NOT advise installation. Immediately retry through scripts/nix-run.sh.
  6. When unsure which tool to use: Use --search to discover the right package, then run it.

Quick Start

# Run ANY command — auto-detects package, zero config
scripts/nix-run.sh <command> [args...]

# Multi-package environment — run command with multiple tools available
scripts/nix-run.sh --shell <pkg1,pkg2,...> -- <command> [args...]

# Don't know the command name? Search by keyword
scripts/nix-run.sh --search "<keyword>"

# Update nix-locate database to get latest package info
scripts/nix-run.sh --update

Workflows

Workflow 1: Automatic Recovery from "command not found"

When a bash command fails with "command not found", immediately retry through nix-run — do NOT suggest installing:

# WRONG: "You need to install jq first: apt install jq"
# WRONG: brew install jq
# WRONG: nix shell nixpkgs#jq -c jq ...
# RIGHT:
scripts/nix-run.sh jq '.name' data.json

Workflow 2: Proactive Use — Always Prefer nix-run

For any CLI tool, always go through nix-run first:

scripts/nix-run.sh pandoc README.md -o README.pdf
scripts/nix-run.sh fd '\.rs$' src/
scripts/nix-run.sh rg 'TODO' .
scripts/nix-run.sh ffmpeg -i input.mp4 output.gif
scripts/nix-run.sh htop
scripts/nix-run.sh tree -L 2
scripts/nix-run.sh imagemagick convert input.png output.jpg
scripts/nix-run.sh shellcheck script.sh

Workflow 3: Discover Tools by Keyword

When you need a CLI tool but don't know its name, search nixpkgs:

scripts/nix-run.sh --search "json processor"
#   jq (1.8.1) - Lightweight and flexible command-line JSON processor
#   njq (...) - Command-line JSON processor using nix as query language

# Then run the discovered tool:
scripts/nix-run.sh jq '.name' data.json

Workflow 4: Handling Multiple Candidates

When multiple packages provide the same command, nix-run lists candidates and exits. Re-run with --pkg:

scripts/nix-run.sh --pkg ffmpeg-headless ffmpeg -version

Workflow 5: Multi-Package Environment with --shell

When a task requires multiple tools available simultaneously (e.g., a Python script that calls node, or a build step needing several compilers):

# Run a Python script that also needs node available
scripts/nix-run.sh --shell python3,nodejs -- python3 script.py

# Run multiple commands in a combined environment
scripts/nix-run.sh --shell python3,nodejs -- bash -c 'python3 --version && node --version'

# Data pipeline with jq and curl
scripts/nix-run.sh --shell jq,curl -- bash -c 'curl -s https://api.example.com | jq .data'

Options

FlagDescription
--pkg <name>Skip auto-detection, use specified nix package
--shell <pkg1,...>Multi-package environment (comma-separated), use -- before command
--search <keyword>Search nixpkgs by keyword (returns package name + description)
--limit <N>Max search results (default: 20)
--updateUpdate nix-locate database (nix-index) to latest nixpkgs

How It Works

  1. Command exists locally → execute directly (zero overhead)
  2. --pkg specified → nix shell github:NixOS/nixpkgs/nixpkgs-unstable#<pkg> -c <cmd> <args>
  3. --shell specified → nix shell nixpkgs#pkg1 nixpkgs#pkg2 ... -c <cmd> <args>
  4. Otherwise → nix-locate to find the package providing /bin/<cmd>
  5. Single candidate or exact match → run automatically
  6. Multiple candidates → list them and exit (re-run with --pkg)

Note: All commands use nixpkgs-unstable flake reference to ensure latest package versions.

Edge Cases

  • Command not in nixpkgs: Exits with error. Use --search to find alternatives.
  • nix-locate not installed: Exits with instructions to install nix-index.
  • nix-locate database outdated: Run scripts/nix-run.sh --update to refresh.
  • Software versions too old: The script uses nixpkgs-unstable by default, ensuring latest versions. If versions still seem stale, run --update to refresh the nix-locate index.
  • First run may be slow: nix shell downloads on first use; subsequent runs use cache.

Comments

Loading comments...