Cmd Executor
v0.0.2Executes Windows shell commands locally on the OpenClaw gateway, returning output and errors for automation and system management.
⭐ 0· 916·7 current·7 all-time
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill is explicitly a local command executor and the code (skill.js) implements that directly by running the provided command. The declared purpose aligns with the required behavior. Minor note: the README emphasizes Windows commands but there is no OS enforcement — the code will run whatever the host OS accepts.
Instruction Scope
The SKILL.md instructs users to send 'Run command: <command>' and the skill executes exactly that string via child_process.exec with no sanitization or allowlist. This means an input can read, modify, or delete arbitrary files, open network connections, or exfiltrate data. The skill returns full stdout/stderr back to the caller, which may leak sensitive system data. Those behaviors are expected for a command executor but present a high risk if the agent or callers are not fully trusted.
Install Mechanism
There is no install spec (instruction-only style) and no third-party downloads. The only executable payload is the short skill.js bundled with the skill; nothing else is written to disk by an installer. This minimizes supply-chain injection risk but does not mitigate the inherent danger of arbitrary local execution.
Credentials
The skill does not request environment variables, credentials, or configuration paths. That is proportionate to its stated functionality. Note however that absence of declared credentials does not reduce the fact the skill can access any file or command output on the host when executed.
Persistence & Privilege
always:false (good), but disable-model-invocation is false (the default), so the agent can invoke this skill autonomously. Combined with the ability to run arbitrary shell commands, autonomous invocation increases the blast radius (the agent could run commands without explicit user prompting). Consider restricting autonomous invocation and limiting who/what can call this skill.
What to consider before installing
This skill does exactly what it says: it will run any shell command you send and return the output. That makes it extremely powerful but also dangerous — a malicious or mistaken command can read or delete data, pivot across networks, or exfiltrate secrets. Before installing: (1) Only install on a gateway you fully trust and where running arbitrary commands is acceptable. (2) Prefer to restrict invocation: disable autonomous model invocation or require explicit user approval before each run. (3) Add an allowlist of safe commands or sanitize inputs; do not expose this skill to untrusted users or public agents. (4) Review the included skill.js (it is short) and consider modifying it to impose command whitelists, execution time limits, and stronger error handling. (5) Do not install on production infrastructure unless you have strong compensating controls (sandboxing, network egress restrictions, audit logging). If you want a safer alternative, request a skill that accepts a limited set of management actions (e.g., 'list directory', 'get service status') rather than free-form shell execution.Like a lobster shell, security has layers — review code before you run it.
latest
Cmd Executor
Description
Runs any Windows command locally and replies with the output.
Usage
Send a message starting with Run command: followed by the command.
Example:
Run command: dir "C:\Users\Md Sadik Laskar\Documents"
The assistant will reply with the listing.
Comments
Loading comments...