# Send OpenExec — Deterministic Execution Boundary for Agent Systems to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "openexec-skill",
    "name": "OpenExec — Deterministic Execution Boundary for Agent Systems",
    "source": "tencent",
    "type": "skill",
    "category": "AI 智能",
    "sourceUrl": "https://clawhub.ai/trendinghot/openexec-skill",
    "canonicalUrl": "https://clawhub.ai/trendinghot/openexec-skill",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/openexec-skill",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openexec-skill",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "README.md",
      "SECURITY.md",
      "SKILL.md",
      "config/openexec.example.json",
      "main.py",
      "openexec/__init__.py"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "openexec-skill",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-05-02T22:02:22.835Z",
      "expiresAt": "2026-05-09T22:02:22.835Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openexec-skill",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openexec-skill",
        "contentDisposition": "attachment; filename=\"openexec-skill-0.1.10.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "openexec-skill"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/openexec-skill"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/openexec-skill",
    "downloadUrl": "https://openagent3.xyz/downloads/openexec-skill",
    "agentUrl": "https://openagent3.xyz/skills/openexec-skill/agent",
    "manifestUrl": "https://openagent3.xyz/skills/openexec-skill/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/openexec-skill/agent.md"
  }
}
```
## Documentation

### OpenExec — Governed Deterministic Execution (Skill)

OpenExec is a runnable governed execution service.
It executes only what has already been approved.

It is not an agent.
It is not a policy engine.
It does not self-authorize.

OpenExec performs no outbound HTTP, RPC, or governance calls during signature verification or execution. All verification is fully offline. By default, OpenExec uses a local SQLite database (sqlite:///openexec.db). Database network I/O occurs only if explicitly configured by the operator via OPENEXEC_DB_URL.

### Install

pip install -r requirements.txt

### Run (local)

python -m uvicorn main:app --host 0.0.0.0 --port 5000

### Endpoints

GET / → service info (deployment health check)
GET /health → health status, mode, restriction level
GET /ready → readiness check
GET /version → version metadata
POST /execute → execute an approved action deterministically
POST /receipts/verify → verify receipt hash integrity

### 1) Demo mode (default, free)

No external governance required. No env vars required.

export OPENEXEC_MODE=demo

Demo mode still enforces:

deterministic execution
replay protection (nonce uniqueness)
receipt generation

### 2) ClawShield mode (production / business)

Requires a signed approval artifact issued by ClawShield.
OpenExec verifies the Ed25519 signature offline using the configured public key.

export OPENEXEC_MODE=clawshield
export CLAWSHIELD_PUBLIC_KEY="-----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY-----"
export CLAWSHIELD_TENANT_ID="tenant-id"

If signature validation fails, execution is denied.

Note: ClawShield governance SaaS is available at https://clawshield.forgerun.ai/. OpenExec does not contact this URL at runtime. It is provided for reference only.

### Environment Variables

All environment variables are optional. OpenExec runs with zero configuration in demo mode.

VariableDefaultDescriptionOPENEXEC_MODEdemoExecution mode: demo or clawshieldCLAWSHIELD_PUBLIC_KEY(none)PEM-encoded Ed25519 public key for signature verificationCLAWSHIELD_TENANT_ID(none)Tenant identifier for multi-tenant isolationOPENEXEC_ALLOWED_ACTIONS(none)Comma-separated list of permitted actions. If unset, all registered actions are allowedOPENEXEC_DB_URLsqlite:///openexec.dbDatabase URL for execution record persistence

### 90-Second Quickstart (Demo)

Start server:

python -m uvicorn main:app --host 0.0.0.0 --port 5000

Confirm health:

curl http://localhost:5000/health

Execute a deterministic demo action:

curl -X POST http://localhost:5000/execute \\
  -H "Content-Type: application/json" \\
  -d '{
    "action":"echo",
    "payload":{"msg":"hello"},
    "nonce":"unique-1"
  }'

Replay attempt (returns same result, no re-execution):

curl -X POST http://localhost:5000/execute \\
  -H "Content-Type: application/json" \\
  -d '{
    "action":"echo",
    "payload":{"msg":"hello"},
    "nonce":"unique-1"
  }'

### Receipts

Every execution produces a receipt hash.
Receipts are evidence, not logs.

Verify a receipt:

curl -X POST http://localhost:5000/receipts/verify \\
  -H "Content-Type: application/json" \\
  -d '{"exec_id":"<id>","result":"<result_json>","receipt":"<hash>"}'

### What this skill does

Accepts structured execution requests
Enforces replay protection
Executes deterministically (approved parameters only)
Emits verifiable receipts for every attempt
In ClawShield mode: verifies signed approvals before execution
Supports optional execution allow-list via environment variable

### What this skill does not do

Define policy
Grant permissions
Reason autonomously
Override governance decisions
Self-authorize execution
Make outbound HTTP or governance calls during execution
Provide OS-level sandboxing or container isolation

### Security Boundary Notice

OpenExec enforces execution boundaries at the application layer.
It does not provide OS-level sandboxing.
Deploy behind containerization, VM isolation, or hardened environments
when actions interact with production systems.

OpenExec enforces authority separation.
It is not a sandbox.

### Architecture context (3-layer separation)

OpenExec -- deterministic execution adapter (this skill)
ClawShield -- governance + approval minting (SaaS): https://clawshield.forgerun.ai/
ClawLedger -- witness ledger (optional integration)

Each layer is replaceable. No single layer can act alone.

### Security Documentation

A full security model, threat assumptions, and production hardening
checklist are available in SECURITY.md.

This skill intentionally separates:

Execution enforcement (OpenExec)
Infrastructure isolation (operator responsibility)

### Execution Safety Guarantees

This skill:

Does not dynamically load code
Does not evaluate user input as code
Uses a static handler registry
Does not install packages at runtime
Does not fetch remote execution logic
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: trendinghot
- Version: 0.1.10
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-05-02T22:02:22.835Z
- Expires at: 2026-05-09T22:02:22.835Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/openexec-skill)
- [Send to Agent page](https://openagent3.xyz/skills/openexec-skill/agent)
- [JSON manifest](https://openagent3.xyz/skills/openexec-skill/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/openexec-skill/agent.md)
- [Download page](https://openagent3.xyz/downloads/openexec-skill)