Shell Safe Exec
v0.1.0
Safely run project-local build, test, lint, format, type-check, and install commands with strict restrictions to prevent destructive or system-wide effects.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (safe, repo-local exec for build/test/lint/install) matches the SKILL.md. The skill declares no binaries, env vars, or installs that would be unrelated to its stated purpose.
Instruction Scope
The SKILL.md explicitly forbids destructive/system-wide actions, limits commands to the project workspace, and instructs treating user inputs as untrusted. However, enforcement is entirely procedural (relies on the agent following rules) and contains some subjective phrasing (e.g., "when the task can be completed without risky system operations"). The doc also permits installing dependencies via the project's package manager, which necessarily involves network access to registries and running package scripts — an expected but real supply-chain risk that the instructions do not further constrain.
Install Mechanism
No install spec and no code files — instruction-only skill. This is the lowest-risk install model because nothing is written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested; nothing appears disproportionate to the stated purpose.
Persistence & Privilege
The skill's always flag is false. The included agents/openai.yaml sets allow_implicit_invocation: false, reducing the risk of implicit/autonomous invocation. The skill does not request persistent system presence or modify other skills.
Assessment
This skill is internally consistent and lightweight, but it is instruction-only — its safety guarantees depend on the agent and host sandbox actually enforcing the rules. Before using: (1) Confirm the agent runtime enforces workspace isolation and cannot access files outside the repo or escalate privileges. (2) Be cautious when installing dependencies: package registries and package install scripts can execute arbitrary code (supply-chain risk). (3) Prefer invoking this skill with explicit, pinned commands rather than open-ended requests (avoid "run whatever tests are needed"). (4) Do not provide secrets or sensitive host config in the workspace. (5) If possible, run first on a disposable/CI container to validate behavior and logs.
Safe Exec
Only run commands that are related to the project and clearly safe.
Allowed
- build, test, lint, format, type-check, health-check
- Installing dependencies with the project's default package manager
- The status and check commands needed to verify a change
Forbidden
- Recursive deletion or other large-scale destructive file operations
- Changes to disks, partitions, the kernel, services, or system configuration
- Privilege escalation
- Network scanning, remote execution, port forwarding
- Reading sensitive system information unrelated to the project
Workflow
- Prefer commands the repository already defines; do not improvise complex pipelines.
- Treat user-supplied paths and arguments as untrusted input and pass them literally, to avoid command injection.
- Run only the minimum set of commands needed for the current verification.
- Stop immediately on failure and return the real error; do not make risky retries.
- Confine all commands to the project workspace.
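The workflow rules above (repo-defined commands only, user-supplied paths and arguments passed literally, everything confined to the workspace, stop at the first failure and report the real error) as one added Python example. This is illustrative code written for this page, not part of the skill or of OpenClaw. The task table SAMPLE_TASKS, the ALLOWED_TASKS tuple, the is_within_workspace check and all function names are assumptions; a real runner would read the project's own scripts or Makefile targets instead of a constructed table.

```python
import os
import shutil
import subprocess
import sys
import tempfile
from typing import Sequence

# Task names the skill may run (from the "Allowed" list above). Assumption.
ALLOWED_TASKS = ("build", "test", "lint", "format", "type-check", "health-check")

# Constructed task table standing in for commands the repository itself
# defines (package.json scripts, a Makefile, ...). Each value is an argv list;
# nothing is ever joined into a shell string. The "lint" entry deliberately
# exits 1 so the stop-on-first-failure rule can be observed.
SAMPLE_TASKS = {
    "test": [sys.executable, "-c", "print('tests ok')"],
    "lint": [sys.executable, "-c", "import sys; print('lint: 1 error'); sys.exit(1)"],
}


def is_within_workspace(path: str, workspace: str) -> bool:
    """True if path (after resolving '..' and symlinks) stays inside workspace."""
    root = os.path.realpath(workspace)
    target = os.path.realpath(os.path.join(root, path))
    return os.path.commonpath([root, target]) == root


def build_argv(task: str, user_args: Sequence[str], workspace: str,
               tasks: dict = SAMPLE_TASKS) -> list:
    """Resolve a repo-defined task and append user arguments as literal argv entries."""
    if task not in ALLOWED_TASKS or task not in tasks:
        raise ValueError(f"task not allowed or not defined by the project: {task!r}")
    argv = list(tasks[task])
    for arg in user_args:
        # Anything that is not an option flag is treated as a path and must
        # resolve inside the workspace (absolute paths and '..' escapes fail).
        if not arg.startswith("-") and not is_within_workspace(arg, workspace):
            raise ValueError(f"argument escapes the workspace: {arg!r}")
        # Appended as one argv element: shell metacharacters carry no meaning.
        argv.append(arg)
    return argv


def run_task(task: str, user_args: Sequence[str], workspace: str,
             tasks: dict = SAMPLE_TASKS, timeout: int = 600) -> dict:
    """Run one task inside the workspace; report command, status and key error text."""
    argv = build_argv(task, user_args, workspace, tasks)
    # shell=False (the default) is what makes the literal argv guarantee hold.
    proc = subprocess.run(argv, cwd=workspace, shell=False,
                          capture_output=True, text=True, timeout=timeout)
    error = "" if proc.returncode == 0 else (proc.stderr or proc.stdout).strip()
    return {"task": task, "command": argv, "ok": proc.returncode == 0, "error": error}


def run_checks(steps, workspace: str, tasks: dict = SAMPLE_TASKS) -> list:
    """Run steps in order; stop at the first failure, with no retry."""
    results = []
    for task, args in steps:
        result = run_task(task, args, workspace, tasks)
        results.append(result)
        if not result["ok"]:
            break
    return results


def demo() -> dict:
    """Exercise the rules in a throwaway directory and return what happened."""
    workspace = tempfile.mkdtemp(prefix="safe-exec-")
    try:
        try:
            build_argv("test", ["../../etc/passwd"], workspace)
            escape_rejected = False
        except ValueError:
            escape_rejected = True
        # A metacharacter-laden path is accepted as long as it stays in the
        # repo: it reaches the program as a single literal argument.
        literal_argv = build_argv("test", ["tests/unit; echo injected"], workspace)
        results = run_checks([("test", []), ("lint", []), ("test", [])], workspace)
    finally:
        shutil.rmtree(workspace, ignore_errors=True)
    return {"escape_rejected": escape_rejected, "literal_argv": literal_argv,
            "results": results}


if __name__ == "__main__":
    for r in demo()["results"]:
        print("OK  " if r["ok"] else "FAIL", r["task"], r["error"])
```

demo() shows the three properties at once: the '..' path is refused before anything runs, the argument containing ';' is passed as one argv element rather than interpreted, and the third step never executes because the lint step failed.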
Output
- Which commands were run
- Success or failure
- If a command failed, the key error information