Cmd Executor
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: cmd-executor
Version: 0.0.2

This skill executes arbitrary shell commands supplied by the user, passing them to `child_process.exec` in `skill.js`. The `cmd` variable is neither sanitized nor validated before execution, so the skill amounts to unrestricted Remote Code Execution (RCE) on the host. Running commands is the skill's stated purpose, but without safeguards that capability is highly risky and could readily be abused for data exfiltration or full system compromise.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken, malicious, or agent-generated command could read private files, change system settings, delete data, run programs, or otherwise affect the gateway machine.
The skill turns message text directly into a shell command and executes it through child_process.exec; the provided code shows no allowlist, sandbox, confirmation step, or command-impact restriction.
Excerpt from skill.js:

```javascript
const cmd = raw.replace(/^Run command:\s*/i, '').trim();
...
exec(cmd, { maxBuffer: 1024 * 1024 }, (err, stdout, stderr) => {
```

Install only if you intentionally want full local shell access. Prefer sandboxing, least-privilege gateway accounts, explicit human approval for each command, and a narrow allowlist of permitted commands.
You have little context on who maintains this high-privilege skill or where to verify its code history.
The artifacts provide no upstream source or homepage, which limits provenance review for a skill that can execute arbitrary local shell commands.
Source: unknown; Homepage: none
Review the included code yourself and avoid granting it access on sensitive machines unless you trust the publisher and can control its execution environment.
