Cmd Executor
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill openly provides unrestricted local shell command execution, which is powerful enough to read, modify, or delete data on the gateway without clear limits or approval safeguards.
Treat this as giving the assistant a command prompt on the gateway machine. Use it only in a controlled environment, with least-privilege OS permissions and explicit review before running commands, especially commands that write, delete, download, execute, or access private files.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken, malicious, or agent-generated command could read private files, change system settings, delete data, run programs, or otherwise affect the gateway machine.
The skill turns message text directly into a shell command and executes it through child_process.exec; the provided code shows no allowlist, sandbox, confirmation step, or command-impact restriction.
const cmd = raw.replace(/^Run command:\s*/i, '').trim(); ... exec(cmd, { maxBuffer: 1024 * 1024 }, (err, stdout, stderr) => {
Install only if you intentionally want full local shell access. Prefer sandboxing, least-privilege gateway accounts, explicit human approval for each command, and a narrow allowlist of permitted commands.
You have less context for who maintains this high-privilege skill or where to verify its code history.
The artifacts provide no upstream source or homepage, which limits provenance review for a skill that can execute arbitrary local shell commands.
Source: unknown; Homepage: none
Review the included code yourself and avoid granting it access on sensitive machines unless you trust the publisher and can control its execution environment.
