ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

System Commander

v1.0.0

Convert user tasks to optimal Linux/Python commands. Use when user needs file processing, data extraction, text manipulation, or any task that can be solved...

0· 357·3 current·3 all-time
by@nelohenriq
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, SKILL.md content and the included translate.py all align: the skill converts natural-language tasks into Linux/Python commands and examples match that purpose. There are no unrelated declared environment variables, binaries, or install steps.
!
Instruction Scope
SKILL.md and translate.py focus on generating executable shell/python commands. Several examples and pattern outputs are destructive (e.g., sed -i, mv) and the runtime guidance implies these can be run directly. The skill instructs to 'Provide the command (ready to copy-paste)' but also lists allowed_tools including code_execution — if the agent is permitted to execute generated commands automatically, that expands the scope to performing filesystem changes. The doc also references an odd construct '§§include()' and enforces a 'never rewrite command output' rule, which are implementation-specific and unexplained.
Install Mechanism
No install spec; this is instruction + small translate.py script. No downloads or third-party package installs are performed by the skill itself. The SKILL.md suggests apt-get usage for optional tools, but that's a user-level recommendation, not an automated install.
Credentials
The skill requires no environment variables, credentials, or config paths. That is proportional to its stated purpose. However, the generated commands may cause the agent (or user) to access arbitrary files if executed.
Persistence & Privilege
always is false and there is no claim of modifying agent-wide settings or other skills. The skill does not request elevated or persistent privileges.
What to consider before installing
This skill is coherent with its goal of translating tasks into system commands, but exercise caution before letting it execute anything automatically. Key points to consider: - The skill often produces shell commands that can modify or delete files (sed -i, mv, find + exec-like patterns). Always review commands and prefer dry-runs before executing. - The translate.py code injects user-supplied parameters directly into command strings. If you allow the agent to run commands (code_execution), that can lead to accidental destructive actions or exposure of sensitive files. Prefer disabling automatic execution or require explicit confirmation from a human for any command that writes/deletes/renames files. - The Python snippets in translate.py contain formatting bugs and unsanitized string interpolation (e.g., malformed f-strings and subprocess.run usage). These indicate sloppy engineering — not necessarily malicious, but they increase the chance of unexpected behavior. - If you want to use this skill safely: restrict it to generating commands (no automatic execution), require an explicit human approval step for every command that modifies state, run commands in a sandboxed environment when possible, and ask the skill author for input-sanitization and dry-run defaults. - Confidence would increase if the author documents whether the skill ever executes commands autonomously (it appears intended only to generate commands) and if translate.py is fixed to avoid string-injection risks and syntax errors.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bbjwyt3qwf9x9s0qqe0a9ed82az1x
357downloads
0stars
1versions
Updated 3h ago
v1.0.0
MIT-0
@nelohenriq
latest
Download

System Commander

When to Use

Activate this skill when:

  • User asks for file processing, text manipulation, or data extraction
  • Task can be solved with Linux/Python commands
  • Goal is to minimize AI inference and maximize efficiency
  • Keywords: "system command", "linux", "bash", "one-liner", "file processing"

Core Philosophy: System First, AI Last

Before any AI reasoning, try these in order:

  1. Pure Linux tools - awk, sed, grep, cut, tr, sort, uniq
  2. Linux + file tools - find, xargs, parallel, jq, csvkit
  3. Python one-liners - Quick scripts for complex logic
  4. AI subordinate - Only when above won't suffice

Command Patterns by Task Type

File Operations

TaskSystem SolutionAI Solution
List large filesfind . -size +100M -ls❌ Don't delegate
Count lineswc -l file.txt❌ Don't delegate
Search textgrep -r "pattern" .❌ Don't delegate
Replace textsed -i 's/old/new/g' file❌ Don't delegate
Extract columnawk -F',' '{print $2}' file.csv❌ Don't delegate

Data Processing

TaskSystem SolutionAI Solution
JSON queryjq '.key.subkey' file.json❌ Don't delegate
CSV manipulationcsvcut -c 1,3 file.csv❌ Don't delegate
Sort & uniquesort file uniq -c❌ Don't delegate
Join filesjoin -t',' file1 file2❌ Don't delegate

Text Processing

TaskSystem SolutionAI Solution
Line extractionsed -n '5,10p' file❌ Don't delegate
Word counttr ' ' '\n' sort uniq -c❌ Don't delegate
Format conversioniconv -f UTF-8 -t ASCII❌ Don't delegate

Response Format

When generating commands:

  1. Provide the command (ready to copy-paste)
  2. Explain what it does (brief)
  3. Show expected output (example)
  4. Note alternatives (if applicable)

Examples

Example 1: Extract Email Addresses

User: "Extract all email addresses from this log file"

System Commander Response:

# Extract emails using grep with regex
grep -oE '[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}' logfile.txt | sort -u

# What it does:
# - -o: output only matching parts
# - -E: extended regex
# - Sorts and removes duplicates

Example 2: Count Files by Extension

User: "Count how many files of each type are in this directory"

System Commander Response:

# Count files by extension
find . -type f | sed 's/.*\.//' | tr '[:upper:]' '[:lower:]' | sort | uniq -c | sort -rn

# What it does:
# - Find all files
# - Extract extension (last . to end)
# - Normalize case
# - Count and sort by frequency

Example 3: Parse JSON Values

User: "Get all 'status' values from this JSON file"

System Commander Response:

# Using jq (install with apt-get install jq)
jq -r '.[].status' data.json | sort | uniq -c

# Alternative using grep (if jq unavailable):
grep -oP '"status": "\K[^"]+' data.json | sort | uniq -c

Example 4: Batch Rename Files

User: "Rename all .txt files to .bak"

System Commander Response:

# Dry run first (see what would happen)
ls *.txt | sed 's/\.txt$//' | xargs -I {} echo mv {}.txt {}.bak

# Execute if looks correct
ls *.txt | sed 's/\.txt$//' | xargs -I {} mv {}.txt {}.bak

# One-liner alternative:
for f in *.txt; do mv "$f" "${f%.txt}.bak"; done

Advanced Patterns

Parallel Processing

# Process files in parallel (4 jobs)
find . -name '*.log' | xargs -P 4 -I {} grep 'ERROR' {}

# Using GNU parallel (apt-get install parallel)
find . -name '*.json' | parallel 'jq .name {}'

Complex Text Extraction

# Extract text between markers
sed -n '/START/,/END/p' file.txt

# Multi-line pattern replacement
sed '/pattern/{n;s/old/new/}' file.txt

# Process only matching files
grep -l 'pattern' *.txt | xargs sed -i 's/old/new/g'

Data Transformation

# CSV to JSON (requires csvkit)
csvjson data.csv > data.json

# JSON to CSV
jq -r '.[] | [.key1, .key2] | @csv' data.json > output.csv

# Column statistics
awk -F',' '{sum+=$3} END {print "Sum:", sum, "Avg:", sum/NR}' data.csv

Python One-Liners

When pure Linux isn't enough, use Python:

# Complex JSON processing
python3 -c "
import json,sys
data=json.load(open('file.json'))
print([x['name'] for x in data if x['active']])
"

# Text processing with regex
python3 -c "
import re,sys
for line in sys.stdin:
    m=re.search(r'pattern', line)
    if m: print(m.group(1))
" < input.txt

When NOT to Use System Commands

Don't suggest system commands when:

  • Task requires natural language understanding
  • Contextual analysis of meaning
  • Creative writing or content generation
  • Complex multi-step reasoning
  • Security-sensitive operations needing verification

Token Efficiency Rules

  1. Never rewrite command output - Use §§include() instead
  2. Prefer pipes over loops - | chains are more efficient
  3. Use built-in tools - awk, sed vs Python imports
  4. Batch operations - Process all files at once with xargs

Installation Prerequisites

Some commands need packages:

# JSON processing
apt-get install jq

# CSV processing
apt-get install csvkit

# Parallel execution
apt-get install parallel

# Text processing
apt-get install silversearcher-ag  # ag command

Skill Integration

This skill works with:

  • agent-orchestrator: System commands become subtask solutions
  • a0-token-optimizer: Minimal tokens for maximum utility
  • toon-adoption: Store command patterns in TOON format

Comments

Loading comments...