safe-exec

5
1
Source

Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agents need to execute shell commands that may be dangerous (rm -rf, dd, fork bombs, system directory modifications) or require human oversight. Provides multi-level risk assessment (CRITICAL/HIGH/MEDIUM/LOW), in-session notifications, pending request management, and non-interactive environment support for agent automation.

Install

mkdir -p .claude/skills/safe-exec && curl -L -o skill.zip "https://mcp.directory/api/skills/download/5731" && unzip -o skill.zip -d .claude/skills/safe-exec && rm skill.zip

Installs to .claude/skills/safe-exec

About this skill

SafeExec - Safe Command Execution

Provides secure command execution capabilities for OpenClaw Agents with automatic interception of dangerous operations and approval workflow.

Features

  • 🔍 Automatic danger pattern detection - Identifies risky commands before execution
  • 🚨 Risk-based interception - Multi-level assessment (CRITICAL/HIGH/MEDIUM/LOW)
  • 💬 In-session notifications - Real-time alerts in your current terminal/session
  • User approval workflow - Commands wait for explicit confirmation
  • 📊 Complete audit logging - Full traceability of all operations
  • 🤖 Agent-friendly - Non-interactive mode support for automated workflows
  • 🔧 Platform-agnostic - Works independently of communication tools (webchat, Feishu, Telegram, etc.)
  • 🔐 Security-focused - No monitoring, no external notifications, no network calls

Agent Mode

When called by OpenClaw agents in non-interactive environments:

  • Automatic bypass of confirmation prompts - Prevents agent hanging
  • Full audit logging - All executions recorded with mode label (agent_auto vs user_approved)
  • Safety preserved - Danger pattern detection and risk assessment remain active
  • Intended use case - Automated workflows with human oversight via audit logs

Environment variables:

  • OPENCLAW_AGENT_CALL - Set by OpenClaw when agent executes commands
  • SAFE_EXEC_AUTO_CONFIRM - Manual override to auto-approve LOW/MEDIUM risk commands

Security Note: Agent mode does not disable safety checks. CRITICAL and HIGH risk commands are still intercepted, logged, and can be reviewed in audit trail.

Quick Start

Installation (One Command)

The easiest way to install SafeExec:

Just say in your OpenClaw chat:

Help me install SafeExec skill from ClawdHub

OpenClaw will automatically download, install, and configure SafeExec for you!

Alternative: Manual Installation

If you prefer manual installation:

# Clone from GitHub
git clone https://github.com/OTTTTTO/safe-exec.git ~/.openclaw/skills/safe-exec

# Make scripts executable
chmod +x ~/.openclaw/skills/safe-exec/safe-exec*.sh

# Create symlinks to PATH (optional)
ln -s ~/.openclaw/skills/safe-exec/safe-exec.sh ~/.local/bin/safe-exec
ln -s ~/.openclaw/skills/safe-exec/safe-exec-*.sh ~/.local/bin/

Enable SafeExec

After installation, simply say:

Enable SafeExec

SafeExec will start monitoring all shell commands automatically!

How It Works

Once enabled, SafeExec automatically monitors all shell command executions. When a potentially dangerous command is detected, it intercepts the execution and requests your approval through in-session terminal notifications.

Architecture:

  • Requests stored in: ~/.openclaw/safe-exec/pending/
  • Audit log: ~/.openclaw/safe-exec-audit.log
  • Rules config: ~/.openclaw/safe-exec-rules.json
  • No external network calls
  • No background monitoring processes

Usage

Enable SafeExec:

Enable SafeExec
Turn on SafeExec
Start SafeExec

Once enabled, SafeExec runs transparently in the background. Agents can execute commands normally, and SafeExec will automatically intercept dangerous operations:

Delete all files in /tmp/test
Format the USB drive

SafeExec detects the risk level and displays an in-session prompt for approval.

Risk Levels

CRITICAL: System-destructive commands (rm -rf /, dd, mkfs, fork bombs) HIGH: User data deletion or significant system changes (chmod 777, curl | bash) MEDIUM: Service operations or configuration changes (sudo, firewall modifications) LOW: Read operations and safe file manipulations

Approval Workflow

  1. Agent executes a command
  2. SafeExec analyzes the risk level
  3. In-session notification displayed in your terminal
  4. Approve or reject via:
    • Terminal: safe-exec-approve <request_id>
    • List pending: safe-exec-list
    • Reject: safe-exec-reject <request_id>
  5. Command executes or is cancelled

Example notification:

🚨 **Dangerous Operation Detected - Command Intercepted**

**Risk Level:** CRITICAL
**Command:** `rm -rf /tmp/test`
**Reason:** Recursive deletion with force flag

**Request ID:** `req_1769938492_9730`

ℹ️  This command requires user approval to execute.

**Approval Methods:**
1. In terminal: `safe-exec-approve req_1769938492_9730`
2. Or: `safe-exec-list` to view all pending requests

**Rejection Method:**
 `safe-exec-reject req_1769938492_9730`

Configuration

Environment variables for customization:

  • SAFE_EXEC_DISABLE - Set to '1' to globally disable safe-exec
  • OPENCLAW_AGENT_CALL - Automatically enabled in agent mode (non-interactive)
  • SAFE_EXEC_AUTO_CONFIRM - Auto-approve LOW/MEDIUM risk commands

Examples

Enable SafeExec:

Enable SafeExec

After enabling, agents work normally:

Delete old log files from /var/log

SafeExec automatically detects this is HIGH risk (deletion) and displays an in-session approval prompt.

Safe operations pass through without interruption:

List files in /home/user/documents

This is LOW risk and executes without approval.

Global Control

Check status:

safe-exec-list

View audit log:

cat ~/.openclaw/safe-exec-audit.log

Disable SafeExec globally:

Disable SafeExec

Or set environment variable:

export SAFE_EXEC_DISABLE=1

Reporting Issues

Found a bug? Have a feature request?

Please report issues at: 🔗 https://github.com/OTTTTTO/safe-exec/issues

We welcome community feedback, bug reports, and feature suggestions!

When reporting issues, please include:

  • SafeExec version (run: grep "VERSION" ~/.openclaw/skills/safe-exec/safe-exec.sh)
  • OpenClaw version
  • Steps to reproduce
  • Expected vs actual behavior
  • Relevant logs from ~/.openclaw/safe-exec-audit.log

Audit Log

All command executions are logged with:

  • Timestamp
  • Command executed
  • Risk level
  • Execution mode (user_approved / agent_auto)
  • Approval status
  • Execution result
  • Request ID for traceability

Log location: ~/.openclaw/safe-exec-audit.log

Security & Privacy

What SafeExec does:

  • ✅ Intercepts shell commands before execution
  • ✅ Detects dangerous patterns using regex matching
  • ✅ Requests user approval for risky commands
  • ✅ Logs all executions to local audit file
  • ✅ Works entirely locally on your machine

What SafeExec does NOT do:

  • ❌ No monitoring of chat sessions or conversation history
  • ❌ No reading of OpenClaw session data
  • ❌ No external network requests (except git clone during installation)
  • ❌ No sending data to external services
  • ❌ No background monitoring processes or cron jobs
  • ❌ No integration with external notification services (Feishu, webhooks, etc.)

Integration

SafeExec integrates seamlessly with OpenClaw agents. Once enabled, it works transparently without requiring changes to agent behavior or command structure. The approval workflow is entirely local and independent of any external communication platform.

Platform Independence

SafeExec operates at the session level, working with any communication channel your OpenClaw instance supports (webchat, Feishu, Telegram, Discord, etc.). The approval workflow happens through your terminal, ensuring you maintain control regardless of how you're interacting with your agent.

Support & Community

License

MIT License - See LICENSE for details.

a-stock-analysis

openclaw

A股实时行情与分时量能分析。获取沪深股票实时价格、涨跌、成交量,分析分时量能分布(早盘/尾盘放量)、主力动向(抢筹/出货信号)、涨停封单。支持持仓管理和盈亏分析。Use when: (1) 查询A股实时行情, (2) 分析主力资金动向, (3) 查看分时成交量分布, (4) 管理股票持仓, (5) 分析持仓盈亏。

757288

fivem

openclaw

Fix, create, or validate FiveM server resources for QBCore/ESX (config.lua, fxmanifest.lua, items, housing/furniture, scripts, MLOs). Use when asked to debug resource errors, convert ESX↔QB, update fxmanifest versions, add items, or source scripts from GitHub. Also use for SSH key generation for SFTP access.

416258

research-paper-writer

openclaw

Creates formal academic research papers following IEEE/ACM formatting standards with proper structure, citations, and scholarly writing style. Use when the user asks to write a research paper, academic paper, or conference paper on any topic.

81168

keyword-research

openclaw

Discovers high-value keywords with search intent analysis, difficulty assessment, and content opportunity mapping. Essential for starting any SEO or GEO content strategy.

442107

html-to-ppt

openclaw

Convert HTML/Markdown to PowerPoint presentations using Marp

33589

weread

openclaw

WeChat Reading (微信读书) CLI tool for fetching notes and highlights. Use when: (1) user asks about weread/微信读书 notes or highlights, (2) fetching today's or recent reading notes, (3) exporting book highlights, (4) managing reading bookshelf, (5) any task involving reading notes from WeChat Reading.

11285

You might also like

ui-ux-pro-max

nextlevelbuilder

"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."

2,8862,530

pdf-to-markdown

aliceisjustplaying

Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.

3,8131,657

flutter-development

aj-geddes

Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.

2,1521,641

drawio-diagrams-enhanced

jgtolentino

Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.

2,2681,468

godot

bfollington

This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.

2,4681,225

nano-banana-pro

garg-aayush

Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.

1,959969