Shell Safe Exec
v0.1.0
Safely run project-local build, test, lint, format, type-check, and install commands with strict restrictions to prevent destructive or system-wide effects.
by @sf0799
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (safe, repo-local exec for build/test/lint/install) matches the SKILL.md. The skill declares no binaries, env vars, or installs that would be unrelated to its stated purpose.
Instruction Scope
The SKILL.md explicitly forbids destructive/system-wide actions, limits commands to the project workspace, and instructs treating user inputs as untrusted. However, enforcement is entirely procedural (relies on the agent following rules) and contains some subjective phrasing (e.g., "when the task can be completed without risky system operations"). The doc also permits installing dependencies via the project's package manager, which necessarily involves network access to registries and running package scripts — an expected but real supply-chain risk that the instructions do not further constrain.
Install Mechanism
No install spec and no code files — instruction-only skill. This is the lowest-risk install model because nothing is written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested; nothing appears disproportionate to the stated purpose.
Persistence & Privilege
always is false. The included agents/openai.yaml sets allow_implicit_invocation: false, reducing risk of implicit/autonomous invocation. The skill does not request persistent system presence or modify other skills.
Assessment
This skill is internally consistent and lightweight, but it is instruction-only — its safety guarantees depend on the agent and host sandbox actually enforcing the rules. Before using: (1) Confirm the agent runtime enforces workspace isolation and cannot access files outside the repo or escalate privileges. (2) Be cautious when installing dependencies: package registries and package install scripts can execute arbitrary code (supply-chain risk). (3) Prefer invoking this skill with explicit, pinned commands rather than open-ended requests (avoid "run whatever tests are needed"). (4) Do not provide secrets or sensitive host config in the workspace. (5) If possible, run first on a disposable/CI container to validate behavior and logs.
Like a lobster shell, security has layers — review code before you run it.
