{ "schemaVersion": "1.0", "item": { "slug": "openexec-skill", "name": "OpenExec — Deterministic Execution Boundary for Agent Systems", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/trendinghot/openexec-skill", "canonicalUrl": "https://clawhub.ai/trendinghot/openexec-skill", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/openexec-skill", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openexec-skill", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "README.md", "SECURITY.md", "SKILL.md", "config/openexec.example.json", "main.py", "openexec/__init__.py" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/openexec-skill" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/openexec-skill", "agentPageUrl": "https://openagent3.xyz/skills/openexec-skill/agent", "manifestUrl": "https://openagent3.xyz/skills/openexec-skill/agent.json", "briefUrl": "https://openagent3.xyz/skills/openexec-skill/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "OpenExec — Governed Deterministic Execution (Skill)", "body": "OpenExec is a runnable governed execution service.\nIt executes only what has already been approved.\n\nIt is not an agent.\nIt is not a policy engine.\nIt does not self-authorize.\n\nOpenExec performs no outbound HTTP, RPC, or governance calls during signature verification or execution. All verification is fully offline. By default, OpenExec uses a local SQLite database (sqlite:///openexec.db). Database network I/O occurs only if explicitly configured by the operator via OPENEXEC_DB_URL." }, { "title": "Install", "body": "pip install -r requirements.txt" }, { "title": "Run (local)", "body": "python -m uvicorn main:app --host 0.0.0.0 --port 5000" }, { "title": "Endpoints", "body": "GET / → service info (deployment health check)\nGET /health → health status, mode, restriction level\nGET /ready → readiness check\nGET /version → version metadata\nPOST /execute → execute an approved action deterministically\nPOST /receipts/verify → verify receipt hash integrity" }, { "title": "1) Demo mode (default, free)", "body": "No external governance required. No env vars required.\n\nexport OPENEXEC_MODE=demo\n\nDemo mode still enforces:\n\ndeterministic execution\nreplay protection (nonce uniqueness)\nreceipt generation" }, { "title": "2) ClawShield mode (production / business)", "body": "Requires a signed approval artifact issued by ClawShield.\nOpenExec verifies the Ed25519 signature offline using the configured public key.\n\nexport OPENEXEC_MODE=clawshield\nexport CLAWSHIELD_PUBLIC_KEY=\"-----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY-----\"\nexport CLAWSHIELD_TENANT_ID=\"tenant-id\"\n\nIf signature validation fails, execution is denied.\n\nNote: ClawShield governance SaaS is available at https://clawshield.forgerun.ai/. OpenExec does not contact this URL at runtime. It is provided for reference only." }, { "title": "Environment Variables", "body": "All environment variables are optional. OpenExec runs with zero configuration in demo mode.\n\nVariableDefaultDescriptionOPENEXEC_MODEdemoExecution mode: demo or clawshieldCLAWSHIELD_PUBLIC_KEY(none)PEM-encoded Ed25519 public key for signature verificationCLAWSHIELD_TENANT_ID(none)Tenant identifier for multi-tenant isolationOPENEXEC_ALLOWED_ACTIONS(none)Comma-separated list of permitted actions. If unset, all registered actions are allowedOPENEXEC_DB_URLsqlite:///openexec.dbDatabase URL for execution record persistence" }, { "title": "90-Second Quickstart (Demo)", "body": "Start server:\n\npython -m uvicorn main:app --host 0.0.0.0 --port 5000\n\nConfirm health:\n\ncurl http://localhost:5000/health\n\nExecute a deterministic demo action:\n\ncurl -X POST http://localhost:5000/execute \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"action\":\"echo\",\n \"payload\":{\"msg\":\"hello\"},\n \"nonce\":\"unique-1\"\n }'\n\nReplay attempt (returns same result, no re-execution):\n\ncurl -X POST http://localhost:5000/execute \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"action\":\"echo\",\n \"payload\":{\"msg\":\"hello\"},\n \"nonce\":\"unique-1\"\n }'" }, { "title": "Receipts", "body": "Every execution produces a receipt hash.\nReceipts are evidence, not logs.\n\nVerify a receipt:\n\ncurl -X POST http://localhost:5000/receipts/verify \\\n -H \"Content-Type: application/json\" \\\n -d '{\"exec_id\":\"\",\"result\":\"\",\"receipt\":\"\"}'" }, { "title": "What this skill does", "body": "Accepts structured execution requests\nEnforces replay protection\nExecutes deterministically (approved parameters only)\nEmits verifiable receipts for every attempt\nIn ClawShield mode: verifies signed approvals before execution\nSupports optional execution allow-list via environment variable" }, { "title": "What this skill does not do", "body": "Define policy\nGrant permissions\nReason autonomously\nOverride governance decisions\nSelf-authorize execution\nMake outbound HTTP or governance calls during execution\nProvide OS-level sandboxing or container isolation" }, { "title": "Security Boundary Notice", "body": "OpenExec enforces execution boundaries at the application layer.\nIt does not provide OS-level sandboxing.\nDeploy behind containerization, VM isolation, or hardened environments\nwhen actions interact with production systems.\n\nOpenExec enforces authority separation.\nIt is not a sandbox." }, { "title": "Architecture context (3-layer separation)", "body": "OpenExec -- deterministic execution adapter (this skill)\nClawShield -- governance + approval minting (SaaS): https://clawshield.forgerun.ai/\nClawLedger -- witness ledger (optional integration)\n\nEach layer is replaceable. No single layer can act alone." }, { "title": "Security Documentation", "body": "A full security model, threat assumptions, and production hardening\nchecklist are available in SECURITY.md.\n\nThis skill intentionally separates:\n\nExecution enforcement (OpenExec)\nInfrastructure isolation (operator responsibility)" }, { "title": "Execution Safety Guarantees", "body": "This skill:\n\nDoes not dynamically load code\nDoes not evaluate user input as code\nUses a static handler registry\nDoes not install packages at runtime\nDoes not fetch remote execution logic" } ], "body": "OpenExec — Governed Deterministic Execution (Skill)\n\nOpenExec is a runnable governed execution service. It executes only what has already been approved.\n\nIt is not an agent. It is not a policy engine. It does not self-authorize.\n\nOpenExec performs no outbound HTTP, RPC, or governance calls during signature verification or execution. All verification is fully offline. By default, OpenExec uses a local SQLite database (sqlite:///openexec.db). Database network I/O occurs only if explicitly configured by the operator via OPENEXEC_DB_URL.\n\nInstall\npip install -r requirements.txt\n\nRun (local)\npython -m uvicorn main:app --host 0.0.0.0 --port 5000\n\nEndpoints\nGET / → service info (deployment health check)\nGET /health → health status, mode, restriction level\nGET /ready → readiness check\nGET /version → version metadata\nPOST /execute → execute an approved action deterministically\nPOST /receipts/verify → verify receipt hash integrity\nModes\n1) Demo mode (default, free)\n\nNo external governance required. No env vars required.\n\nexport OPENEXEC_MODE=demo\n\n\nDemo mode still enforces:\n\ndeterministic execution\nreplay protection (nonce uniqueness)\nreceipt generation\n2) ClawShield mode (production / business)\n\nRequires a signed approval artifact issued by ClawShield. OpenExec verifies the Ed25519 signature offline using the configured public key.\n\nexport OPENEXEC_MODE=clawshield\nexport CLAWSHIELD_PUBLIC_KEY=\"-----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY-----\"\nexport CLAWSHIELD_TENANT_ID=\"tenant-id\"\n\n\nIf signature validation fails, execution is denied.\n\nNote: ClawShield governance SaaS is available at https://clawshield.forgerun.ai/. OpenExec does not contact this URL at runtime. It is provided for reference only.\n\nEnvironment Variables\n\nAll environment variables are optional. OpenExec runs with zero configuration in demo mode.\n\nVariable\tDefault\tDescription\nOPENEXEC_MODE\tdemo\tExecution mode: demo or clawshield\nCLAWSHIELD_PUBLIC_KEY\t(none)\tPEM-encoded Ed25519 public key for signature verification\nCLAWSHIELD_TENANT_ID\t(none)\tTenant identifier for multi-tenant isolation\nOPENEXEC_ALLOWED_ACTIONS\t(none)\tComma-separated list of permitted actions. If unset, all registered actions are allowed\nOPENEXEC_DB_URL\tsqlite:///openexec.db\tDatabase URL for execution record persistence\n90-Second Quickstart (Demo)\nStart server:\npython -m uvicorn main:app --host 0.0.0.0 --port 5000\n\nConfirm health:\ncurl http://localhost:5000/health\n\nExecute a deterministic demo action:\ncurl -X POST http://localhost:5000/execute \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"action\":\"echo\",\n \"payload\":{\"msg\":\"hello\"},\n \"nonce\":\"unique-1\"\n }'\n\nReplay attempt (returns same result, no re-execution):\ncurl -X POST http://localhost:5000/execute \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"action\":\"echo\",\n \"payload\":{\"msg\":\"hello\"},\n \"nonce\":\"unique-1\"\n }'\n\nReceipts\n\nEvery execution produces a receipt hash. Receipts are evidence, not logs.\n\nVerify a receipt:\n\ncurl -X POST http://localhost:5000/receipts/verify \\\n -H \"Content-Type: application/json\" \\\n -d '{\"exec_id\":\"\",\"result\":\"\",\"receipt\":\"\"}'\n\nWhat this skill does\nAccepts structured execution requests\nEnforces replay protection\nExecutes deterministically (approved parameters only)\nEmits verifiable receipts for every attempt\nIn ClawShield mode: verifies signed approvals before execution\nSupports optional execution allow-list via environment variable\nWhat this skill does not do\nDefine policy\nGrant permissions\nReason autonomously\nOverride governance decisions\nSelf-authorize execution\nMake outbound HTTP or governance calls during execution\nProvide OS-level sandboxing or container isolation\nSecurity Boundary Notice\n\nOpenExec enforces execution boundaries at the application layer. It does not provide OS-level sandboxing. Deploy behind containerization, VM isolation, or hardened environments when actions interact with production systems.\n\nOpenExec enforces authority separation. It is not a sandbox.\n\nArchitecture context (3-layer separation)\nOpenExec -- deterministic execution adapter (this skill)\nClawShield -- governance + approval minting (SaaS): https://clawshield.forgerun.ai/\nClawLedger -- witness ledger (optional integration)\n\nEach layer is replaceable. No single layer can act alone.\n\nSecurity Documentation\n\nA full security model, threat assumptions, and production hardening checklist are available in SECURITY.md.\n\nThis skill intentionally separates:\n\nExecution enforcement (OpenExec)\nInfrastructure isolation (operator responsibility)\nExecution Safety Guarantees\n\nThis skill:\n\nDoes not dynamically load code\nDoes not evaluate user input as code\nUses a static handler registry\nDoes not install packages at runtime\nDoes not fetch remote execution logic" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/trendinghot/openexec-skill", "publisherUrl": "https://clawhub.ai/trendinghot/openexec-skill", "owner": "trendinghot", "version": "0.1.10", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/openexec-skill", "downloadUrl": "https://openagent3.xyz/downloads/openexec-skill", "agentUrl": "https://openagent3.xyz/skills/openexec-skill/agent", "manifestUrl": "https://openagent3.xyz/skills/openexec-skill/agent.json", "briefUrl": "https://openagent3.xyz/skills/openexec-skill/agent.md" } }