ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pywayne Bin Cmdlogger

v0.1.0

Execute commands with real-time console output while logging all stdin, stdout, and stderr to a customizable log file for monitoring and debugging.

0· 676·0 current·0 all-time
by@wangyendt

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wangyendt/cmdlogger.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Pywayne Bin Cmdlogger" (wangyendt/cmdlogger) from ClawHub.
Skill page: https://clawhub.ai/wangyendt/cmdlogger
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install wangyendt/cmdlogger

ClawHub CLI

Package manager switcher

npx clawhub@latest install cmdlogger
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description match the SKILL.md (a command I/O logger). However, the SKILL.md presumes a 'cmdlogger' executable and provides no implementation or install instructions—so it's unclear whether the agent is expected to implement this behavior itself, or rely on a preinstalled binary. That mismatch is surprising and worth clarifying.
!
Instruction Scope
The runtime instructions direct running arbitrary commands and recording all stdin, stdout, and stderr, including interactive sessions (e.g., SSH, GDB, Python REPL). While this aligns with the claimed purpose, it also means the skill will capture sensitive inputs (passwords, passphrases, secret tokens that might be typed) and potentially long/unbounded output. The SKILL.md warns about sensitive input but provides no instructions for redaction, access control, or safe defaults.
Install Mechanism
There is no install spec and no code files; the skill is instruction-only, so nothing will be written to disk by the installer. That minimizes supply-chain risk, but it increases ambiguity about how the documented 'cmdlogger' is expected to exist in the runtime.
!
Credentials
No credentials or env vars are requested, which is appropriate. However, because the skill logs stdin/stderr/stdout broadly (including interactive input), it can capture secrets that the skill did not explicitly ask for. The skill provides no guidance on securing or limiting log file access, redaction, encryption, or retention.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not attempt to modify other skills or agent-wide settings. There is no persistent installation footprint declared.
Scan Findings in Context
[no_code_files] expected: This is an instruction-only skill (SKILL.md only). The regex-based scanner had no code to analyze, which is expected but removes one source of static analysis signal.
What to consider before installing
This skill describes a tool that will record everything you type and everything commands print — including passwords, SSH passphrases, tokens, and other secrets. Before installing or using it: (1) Confirm where the actual 'cmdlogger' implementation comes from and only use a vetted binary or trusted source; (2) Never run it with interactive commands that request secrets (SSH logins, sudo passwords, OTP entry) unless you accept the risk; (3) Specify a secure --log-path (not world-readable), restrict file permissions, implement log rotation, and consider encrypting logs at rest; (4) Prefer tools that support redaction/filters if you need to avoid capturing secrets; (5) If you intended this as documentation for an external tool, ask the publisher to add installation instructions and explicit safeguards (redaction, retention policy). If you cannot verify the implementation or cannot ensure log security, avoid enabling this skill for sensitive workflows.

Like a lobster shell, security has layers — review code before you run it.

latestvk97crrwa7eak8myvqj0jc9xrn581486y
676downloads
0stars
1versions
Updated 20h ago
v0.1.0
MIT-0
@wangyendt
latest
Download

Pywayne Bin Cmdlogger

Execute a command and log all stdin, stdout, stderr to a file while forwarding I/O to console in real-time.

Quick Start

# Log command execution to default file (io_log.log in script directory)
cmdlogger <command> [args...]

# Specify custom log file path
cmdlogger --log-path <log_path> <command> [args...]

Usage Examples

Build Process Recording

# Log CMake configuration
cmdlogger --log-path cmake_config.log cmake ..

# Log build process
cmdlogger --log-path build.log make -j$(nproc)

Script Execution Monitoring

# Log Python script execution
cmdlogger --log-path script_run.log python3 my_script.py --arg1 value1

# Log shell script execution
cmdlogger --log-path deploy.log ./deploy.sh production

Debugging Sessions

# Log GDB debug session
cmdlogger --log-path debug_session.log gdb ./my_program

# Log Python interactive session
cmdlogger --log-path python_debug.log python3 -i my_module.py

Network Operations

# Log curl request with verbose output
cmdlogger --log-path api_test.log curl -v https://api.example.com/data

# Log SSH connection process
cmdlogger --log-path ssh_session.log ssh user@remote-host

Simple Command Logging

# Log git status
cmdlogger git status

# Log echo command
cmdlogger echo "Hello World"

Command Reference

ArgumentDescription
commandThe command to execute
[args...]Command arguments
--log-path <path>Optional log file path. Default: io_log.log in script directory

Log Format

Each line in the log file is prefixed with stream type:

  • 输入: <content> - Standard input
  • 输出: <content> - Standard output
  • 错误: <content> - Standard error

Example Log Output

Running cmdlogger echo "Hello World" produces:

输出: Hello World

Running cmdlogger python3 -c "import sys; print('stdout'); print('stderr', file=sys.stderr)" produces:

输出: stdout
错误: stderr

Features

  • Full I/O Recording: Captures all stdin, stdout, stderr
  • Real-time Forwarding: Forwards I/O to console while logging
  • Multi-threaded: Uses separate threads for stdin, stdout, stderr
  • Encoding Handling: Gracefully handles non-UTF-8 data
  • Resource Cleanup: Automatically cleans up processes and files

Use Cases

  • Recording complex build processes for later analysis
  • Monitoring long-running scripts with full logging
  • Debugging with complete input/output history
  • CI/CD pipeline execution logging
  • Performance analysis with execution traces

Important Notes

  • Interactive Commands: User input (including passwords) is logged. Be careful with sensitive information.
  • Large Output: Log files can become large for commands with heavy output. Ensure sufficient disk space.
  • Default Log Location: If --log-path is not specified, log file is created in the script directory as io_log.log.
  • Exit Codes: Returns the exit code of the executed command (127 if command not found).

Comments

Loading comments...