ClawHub

Terminal Command Execution@1.0.0

v1.0.0

Execute terminal commands safely and reliably with clear pre-checks, output validation, and recovery steps. Use when users ask to run shell/CLI commands, ins...

0· 150·1 current·1 all-time
by@1215656
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name and description match the SKILL.md: this is explicitly a terminal/CLI command execution helper. It requests no unrelated environment variables, binaries, or install artifacts — everything it asks for (none) is proportionate to a generic command-execution skill.
Instruction Scope
SKILL.md directs the agent to inspect system state (pwd, ls, which, logs), run incremental commands, read stderr, and verify outcomes. This is appropriate for the stated goal but inherently grants read/write and execution capability on the host; the doc does include safety rules (avoid destructive commands, request approval for privileged/destructive actions) which mitigate risk if followed. Because the instructions are broad (arbitrary shell commands), they can access sensitive files or state if the agent is allowed to act without user confirmation.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is lowest-risk from an install/remote-code perspective — nothing is downloaded or written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. The skill does, however, instruct the agent to read filesystem and process state (which is appropriate to its purpose); no unexplained credential access is present.
Persistence & Privilege
always: false (normal). The skill is user-invocable and permits model invocation (default platform behavior). That autonomous invocation combined with arbitrary command execution increases operational risk if you permit the agent to act without explicit user confirmation — the setting itself is standard, but you should consider policy controls.
Scan Findings in Context
[no_code_files] expected: Regex scanner had nothing to analyze because this is an instruction-only skill (SKILL.md is the runtime surface). This is expected; the security review therefore focuses on the instructions, not binary or network artifacts.
Assessment
This skill appears to do what it says, but it gives the agent the ability to run and inspect shell commands on the host. Before installing/use: (1) require explicit user confirmation for any privileged or destructive actions (sudo, rm -rf, global installs); (2) restrict or review any autonomous invocation so the agent cannot run commands without your approval; (3) run initial tests in a safe/sandboxed environment and limit operations to specific paths or containers; (4) enable command/audit logging and review outputs for secrets before storing or transmitting them; (5) if you need stronger guarantees, add policy rules that forbid access to sensitive directories and environment variables. If you cannot implement these safeguards, treat the skill as higher risk despite being coherent.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cpjqmpa3hcj1nvqhmpv0n4x83kyft

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments