{ "schemaVersion": "1.0", "item": { "slug": "safe-exec-0-3-2", "name": "Safe Exec 0.3.2", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/Lucky-2968/safe-exec-0-3-2", "canonicalUrl": "https://clawhub.ai/Lucky-2968/safe-exec-0-3-2", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/safe-exec-0-3-2", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=safe-exec-0-3-2", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "CHANGELOG.md", "IMPACT_ASSESSMENT.md", "PROJECT_STRUCTURE.md", "README-detail.md", "README.md", "README_EN.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/safe-exec-0-3-2" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/safe-exec-0-3-2", "agentPageUrl": "https://openagent3.xyz/skills/safe-exec-0-3-2/agent", "manifestUrl": "https://openagent3.xyz/skills/safe-exec-0-3-2/agent.json", "briefUrl": "https://openagent3.xyz/skills/safe-exec-0-3-2/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "SafeExec - Safe Command Execution", "body": "Provides secure command execution capabilities for OpenClaw Agents with automatic interception of dangerous operations and approval workflow." }, { "title": "Features", "body": "πŸ” Automatic danger pattern detection - Identifies risky commands before execution\n🚨 Risk-based interception - Multi-level assessment (CRITICAL/HIGH/MEDIUM/LOW)\nπŸ’¬ In-session notifications - Real-time alerts in your current terminal/session\nβœ… User approval workflow - Commands wait for explicit confirmation\nπŸ“Š Complete audit logging - Full traceability of all operations\nπŸ€– Agent-friendly - Non-interactive mode support for automated workflows\nπŸ”§ Platform-agnostic - Works independently of communication tools (Feishu, Telegram, etc.)" }, { "title": "Installation (One Command)", "body": "The easiest way to install SafeExec:\n\nJust say in your OpenClaw chat:\n\nHelp me install SafeExec skill from ClawdHub\n\nOpenClaw will automatically download, install, and configure SafeExec for you!" }, { "title": "Alternative: Manual Installation", "body": "If you prefer manual installation:\n\n# Using ClawdHub CLI\nexport CLAWDHUB_REGISTRY=https://www.clawhub.ai\nclawdhub install safe-exec\n\n# Or download directly from GitHub\ngit clone https://github.com/OTTTTTO/safe-exec.git ~/.openclaw/skills/safe-exec\nchmod +x ~/.openclaw/skills/safe-exec/safe-exec*.sh" }, { "title": "Enable SafeExec", "body": "After installation, simply say:\n\nEnable SafeExec\n\nSafeExec will start monitoring all shell commands automatically!" }, { "title": "How It Works", "body": "Once enabled, SafeExec automatically monitors all shell command executions. When a potentially dangerous command is detected, it intercepts the execution and requests your approval through in-session terminal notifications.\n\nArchitecture:\n\nRequests stored in: ~/.openclaw/safe-exec/pending/\nAudit log: ~/.openclaw/safe-exec-audit.log\nRules config: ~/.openclaw/safe-exec-rules.json" }, { "title": "Usage", "body": "Enable SafeExec:\n\nEnable SafeExec\n\nTurn on SafeExec\n\nStart SafeExec\n\nOnce enabled, SafeExec runs transparently in the background. Agents can execute commands normally, and SafeExec will automatically intercept dangerous operations:\n\nDelete all files in /tmp/test\n\nFormat the USB drive\n\nSafeExec detects the risk level and displays an in-session prompt for approval." }, { "title": "Risk Levels", "body": "CRITICAL: System-destructive commands (rm -rf /, dd, mkfs, etc.)\nHIGH: User data deletion or significant system changes\nMEDIUM: Service operations or configuration changes\nLOW: Read operations and safe file manipulations" }, { "title": "Approval Workflow", "body": "Agent executes a command\nSafeExec analyzes the risk level\nIn-session notification displayed in your terminal\nApprove or reject via:\n\nTerminal: safe-exec-approve \nList pending: safe-exec-list\nReject: safe-exec-reject \n\n\nCommand executes or is cancelled\n\nExample notification:\n\n🚨 **Dangerous Operation Detected - Command Intercepted**\n\n**Risk Level:** CRITICAL\n**Command:** `rm -rf /tmp/test`\n**Reason:** Recursive deletion with force flag\n\n**Request ID:** `req_1769938492_9730`\n\nℹ️ This command requires user approval to execute.\n\n**Approval Methods:**\n1. In terminal: `safe-exec-approve req_1769938492_9730`\n2. Or: `safe-exec-list` to view all pending requests\n\n**Rejection Method:**\n `safe-exec-reject req_1769938492_9730`" }, { "title": "Configuration", "body": "Environment variables for customization:\n\nSAFE_EXEC_DISABLE - Set to '1' to globally disable safe-exec\nOPENCLAW_AGENT_CALL - Automatically enabled in agent mode (non-interactive)\nSAFE_EXEC_AUTO_CONFIRM - Auto-approve LOW/MEDIUM risk commands" }, { "title": "Examples", "body": "Enable SafeExec:\n\nEnable SafeExec\n\nAfter enabling, agents work normally:\n\nDelete old log files from /var/log\n\nSafeExec automatically detects this is HIGH risk (deletion) and displays an in-session approval prompt.\n\nSafe operations pass through without interruption:\n\nList files in /home/user/documents\n\nThis is LOW risk and executes without approval." }, { "title": "Global Control", "body": "Check status:\n\nsafe-exec-list\n\nView audit log:\n\ncat ~/.openclaw/safe-exec-audit.log\n\nDisable SafeExec globally:\n\nDisable SafeExec\n\nOr set environment variable:\n\nexport SAFE_EXEC_DISABLE=1" }, { "title": "Reporting Issues", "body": "Found a bug? Have a feature request?\n\nPlease report issues at:\nπŸ”— https://github.com/OTTTTTO/safe-exec/issues\n\nWe welcome community feedback, bug reports, and feature suggestions!\n\nWhen reporting issues, please include:\n\nSafeExec version (run: grep \"VERSION\" ~/.openclaw/skills/safe-exec/safe-exec.sh)\nOpenClaw version\nSteps to reproduce\nExpected vs actual behavior\nRelevant logs from ~/.openclaw/safe-exec-audit.log" }, { "title": "Audit Log", "body": "All command executions are logged with:\n\nTimestamp\nCommand executed\nRisk level\nApproval status\nExecution result\nRequest ID for traceability\n\nLog location: ~/.openclaw/safe-exec-audit.log" }, { "title": "Integration", "body": "SafeExec integrates seamlessly with OpenClaw agents. Once enabled, it works transparently without requiring changes to agent behavior or command structure. The approval workflow is entirely local and independent of any external communication platform." }, { "title": "Platform Independence", "body": "SafeExec operates at the session level, working with any communication channel your OpenClaw instance supports (webchat, Feishu, Telegram, Discord, etc.). The approval workflow happens through your terminal, ensuring you maintain control regardless of how you're interacting with your agent." }, { "title": "Support & Community", "body": "GitHub Repository: https://github.com/OTTTTTO/safe-exec\nIssue Tracker: https://github.com/OTTTTTO/safe-exec/issues\nDocumentation: README.md\nClawdHub: https://www.clawhub.ai/skills/safe-exec" }, { "title": "License", "body": "MIT License - See LICENSE for details." } ], "body": "SafeExec - Safe Command Execution\n\nProvides secure command execution capabilities for OpenClaw Agents with automatic interception of dangerous operations and approval workflow.\n\nFeatures\nπŸ” Automatic danger pattern detection - Identifies risky commands before execution\n🚨 Risk-based interception - Multi-level assessment (CRITICAL/HIGH/MEDIUM/LOW)\nπŸ’¬ In-session notifications - Real-time alerts in your current terminal/session\nβœ… User approval workflow - Commands wait for explicit confirmation\nπŸ“Š Complete audit logging - Full traceability of all operations\nπŸ€– Agent-friendly - Non-interactive mode support for automated workflows\nπŸ”§ Platform-agnostic - Works independently of communication tools (Feishu, Telegram, etc.)\nQuick Start\nInstallation (One Command)\n\nThe easiest way to install SafeExec:\n\nJust say in your OpenClaw chat:\n\nHelp me install SafeExec skill from ClawdHub\n\n\nOpenClaw will automatically download, install, and configure SafeExec for you!\n\nAlternative: Manual Installation\n\nIf you prefer manual installation:\n\n# Using ClawdHub CLI\nexport CLAWDHUB_REGISTRY=https://www.clawhub.ai\nclawdhub install safe-exec\n\n# Or download directly from GitHub\ngit clone https://github.com/OTTTTTO/safe-exec.git ~/.openclaw/skills/safe-exec\nchmod +x ~/.openclaw/skills/safe-exec/safe-exec*.sh\n\nEnable SafeExec\n\nAfter installation, simply say:\n\nEnable SafeExec\n\n\nSafeExec will start monitoring all shell commands automatically!\n\nHow It Works\n\nOnce enabled, SafeExec automatically monitors all shell command executions. When a potentially dangerous command is detected, it intercepts the execution and requests your approval through in-session terminal notifications.\n\nArchitecture:\n\nRequests stored in: ~/.openclaw/safe-exec/pending/\nAudit log: ~/.openclaw/safe-exec-audit.log\nRules config: ~/.openclaw/safe-exec-rules.json\nUsage\n\nEnable SafeExec:\n\nEnable SafeExec\n\nTurn on SafeExec\n\nStart SafeExec\n\n\nOnce enabled, SafeExec runs transparently in the background. Agents can execute commands normally, and SafeExec will automatically intercept dangerous operations:\n\nDelete all files in /tmp/test\n\nFormat the USB drive\n\n\nSafeExec detects the risk level and displays an in-session prompt for approval.\n\nRisk Levels\n\nCRITICAL: System-destructive commands (rm -rf /, dd, mkfs, etc.) HIGH: User data deletion or significant system changes MEDIUM: Service operations or configuration changes LOW: Read operations and safe file manipulations\n\nApproval Workflow\nAgent executes a command\nSafeExec analyzes the risk level\nIn-session notification displayed in your terminal\nApprove or reject via:\nTerminal: safe-exec-approve \nList pending: safe-exec-list\nReject: safe-exec-reject \nCommand executes or is cancelled\n\nExample notification:\n\n🚨 **Dangerous Operation Detected - Command Intercepted**\n\n**Risk Level:** CRITICAL\n**Command:** `rm -rf /tmp/test`\n**Reason:** Recursive deletion with force flag\n\n**Request ID:** `req_1769938492_9730`\n\nℹ️ This command requires user approval to execute.\n\n**Approval Methods:**\n1. In terminal: `safe-exec-approve req_1769938492_9730`\n2. Or: `safe-exec-list` to view all pending requests\n\n**Rejection Method:**\n `safe-exec-reject req_1769938492_9730`\n\nConfiguration\n\nEnvironment variables for customization:\n\nSAFE_EXEC_DISABLE - Set to '1' to globally disable safe-exec\nOPENCLAW_AGENT_CALL - Automatically enabled in agent mode (non-interactive)\nSAFE_EXEC_AUTO_CONFIRM - Auto-approve LOW/MEDIUM risk commands\nExamples\n\nEnable SafeExec:\n\nEnable SafeExec\n\n\nAfter enabling, agents work normally:\n\nDelete old log files from /var/log\n\n\nSafeExec automatically detects this is HIGH risk (deletion) and displays an in-session approval prompt.\n\nSafe operations pass through without interruption:\n\nList files in /home/user/documents\n\n\nThis is LOW risk and executes without approval.\n\nGlobal Control\n\nCheck status:\n\nsafe-exec-list\n\n\nView audit log:\n\ncat ~/.openclaw/safe-exec-audit.log\n\n\nDisable SafeExec globally:\n\nDisable SafeExec\n\n\nOr set environment variable:\n\nexport SAFE_EXEC_DISABLE=1\n\nReporting Issues\n\nFound a bug? Have a feature request?\n\nPlease report issues at: πŸ”— https://github.com/OTTTTTO/safe-exec/issues\n\nWe welcome community feedback, bug reports, and feature suggestions!\n\nWhen reporting issues, please include:\n\nSafeExec version (run: grep \"VERSION\" ~/.openclaw/skills/safe-exec/safe-exec.sh)\nOpenClaw version\nSteps to reproduce\nExpected vs actual behavior\nRelevant logs from ~/.openclaw/safe-exec-audit.log\nAudit Log\n\nAll command executions are logged with:\n\nTimestamp\nCommand executed\nRisk level\nApproval status\nExecution result\nRequest ID for traceability\n\nLog location: ~/.openclaw/safe-exec-audit.log\n\nIntegration\n\nSafeExec integrates seamlessly with OpenClaw agents. Once enabled, it works transparently without requiring changes to agent behavior or command structure. The approval workflow is entirely local and independent of any external communication platform.\n\nPlatform Independence\n\nSafeExec operates at the session level, working with any communication channel your OpenClaw instance supports (webchat, Feishu, Telegram, Discord, etc.). The approval workflow happens through your terminal, ensuring you maintain control regardless of how you're interacting with your agent.\n\nSupport & Community\nGitHub Repository: https://github.com/OTTTTTO/safe-exec\nIssue Tracker: https://github.com/OTTTTTO/safe-exec/issues\nDocumentation: README.md\nClawdHub: https://www.clawhub.ai/skills/safe-exec\nLicense\n\nMIT License - See LICENSE for details." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/Lucky-2968/safe-exec-0-3-2", "publisherUrl": "https://clawhub.ai/Lucky-2968/safe-exec-0-3-2", "owner": "Lucky-2968", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/safe-exec-0-3-2", "downloadUrl": "https://openagent3.xyz/downloads/safe-exec-0-3-2", "agentUrl": "https://openagent3.xyz/skills/safe-exec-0-3-2/agent", "manifestUrl": "https://openagent3.xyz/skills/safe-exec-0-3-2/agent.json", "briefUrl": "https://openagent3.xyz/skills/safe-exec-0-3-2/agent.md" } }