Optional Strict Instructions

Warn

Audited by ClawScan on May 18, 2026.

Overview

The skill is mostly safety-focused, but its included helper script can run powerful sudo shell commands and handles sudo passwords in risky ways.

Treat the written confirmation workflow as useful guidance, but avoid running the included shell script unless it is fixed. Never share your sudo password in chat or as a command argument, and review any delete, sudo, package-install, service, or system-configuration command before allowing it to run.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the helper script is used on an unsafe or attacker-controlled path, it could run commands the user did not intend, possibly with administrator privileges.

Why it was flagged

The file path is interpolated into a shell command string and then reparsed by sh -c. A crafted file name containing shell metacharacters could trigger unintended command execution, potentially under sudo.

Skill content

execute_with_sudo "rm -f \"$file\"" "$sudo_password" ... sudo -- sh -c "$command"

Recommendation

Do not run this helper script as-is for file operations. Replace sh -c string execution with direct argument arrays such as sudo rm -f -- "$file", and avoid accepting arbitrary command strings except in clearly manual workflows.

What this means

A user could accidentally disclose their administrator password to the agent, local logs, or other processes.

Why it was flagged

The script accepts a sudo password and even documents passing it as a command-line argument. Command-line passwords can be exposed through shell history, process listings, terminal logs, or agent transcripts.

Skill content

echo "$password" | sudo -S -- sh -c "$command" ... $0 file-delete /etc/hostname true mypassword

Recommendation

Do not provide sudo passwords to the agent or as command arguments. Prefer a normal interactive sudo prompt in the user's terminal, or have the agent show the command for the user to run manually.