ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Exec Tool

v1.0.0

Securely executes predefined clawhub CLI commands within controlled OpenClaw workflows, preventing unsafe or arbitrary system operations.

0· 78·0 current·0 all-time
byMayuran Ys@mayuran1096

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mayuran1096/exec-tool.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Exec Tool" (mayuran1096/exec-tool) from ClawHub.
Skill page: https://clawhub.ai/mayuran1096/exec-tool
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install exec-tool

ClawHub CLI

Package manager switcher

npx clawhub@latest install exec-tool
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Name/description and code agree on purpose (execute clawhub CLI commands), so capability is plausible; however the security claims in SKILL.md (prevents destructive ops) are not enforced by the implementation, making the stated purpose and actual behavior inconsistent.
!
Instruction Scope
SKILL.md restricts execution to whitelisted commands and promises prevention of destructive operations. The runtime code accepts any string starting with 'clawhub' and calls subprocess.getoutput (shell), which allows shell operators and injection (e.g., 'clawhub; rm -rf /'), so instructions' safety constraints are effectively bypassed.
Install Mechanism
No install spec (instruction-only with a small Python file). Nothing is downloaded or installed during setup, so there is low install-time risk.
Credentials
The skill requests no environment variables, credentials, or config paths, which is proportionate for a CLI execution helper.
Persistence & Privilege
The skill is not always-enabled and requests no elevated platform privileges. Autonomous invocation is allowed (platform default), which increases blast radius but is not itself unusual here.
Scan Findings in Context
[subprocess-getoutput-shell-exec] unexpected: tool.py uses subprocess.getoutput(command) which executes via the shell; combined with a permissive startswith('clawhub') check, this enables command chaining/INJECTION (e.g., 'clawhub; dangerous_cmd'). This is not expected for a skill that claims to prevent destructive operations.
What to consider before installing
Do not install this on sensitive systems as-is. The skill's README promises safe execution but the code runs the provided string through the shell after only a prefix check, so an attacker or an accidental input like 'clawhub; rm -rf /' would execute additional commands. If you need this functionality, require one of the following before trusting it: (1) change implementation to use subprocess.run([...], shell=False) and parse/validate arguments, (2) restrict to an exact allowlist of full command patterns (not prefix checks), (3) perform strict argument validation/escaping, and (4) run it only in isolated, disposable environments. If the author can provide a patched version using safe subprocess invocation and a stronger whitelist (and show tests proving injection isn't possible), reassess. Otherwise treat this as unsafe for production or publicly accessible agents.

Like a lobster shell, security has layers — review code before you run it.

latestvk9760e2j2s7tgyaj6m22e4h3ts84qc3d
78downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
Mayuran Ys@mayuran1096
latest
Download

Exec Tool (ClawHub Skill)

Overview

Exec Tool is a controlled system command execution skill designed for OpenClaw environments. It allows secure execution of predefined CLI commands from within ClawHub workflows.

This skill is intended for automation, debugging, and controlled system operations inside VPS environments.

Problem it solves

When working in server environments (such as Hostinger VPS deployments), users often need to trigger system-level commands from automation layers like Telegram bots or OpenClaw agents. This skill bridges that gap safely.

Core functionality

  • Executes only allowed system commands
  • Currently supports: clawhub CLI operations
  • Prevents arbitrary or unsafe command execution
  • Returns trimmed output for chat interfaces (e.g., Telegram)

Security model

This skill is intentionally restricted:

  • Only whitelisted commands are executed
  • Prevents destructive operations (rm, sudo, etc.)
  • Designed for controlled automation environments

Example usage

Search skills

clawhub search "Google Workspace"

Install skill

clawhub install exec_tool

Integration use case

This skill is commonly used in:

  • Telegram bot automation
  • OpenClaw workflows
  • VPS management via chat interfaces
  • CI/CD command triggers

Notes

This skill is part of a controlled execution layer and should not be used for unrestricted shell access.

Comments

Loading comments...