ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified system Safety 5/5

safe-exec

Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agents need to execute shell commands that may be dangerous (rm -rf, dd, fork bombs, system directory modifications) or require human oversight. Provides multi-level risk assessment (CRITICAL/HIGH/MEDIUM/LOW), in-session notifications, pending request management, and non-interactive environment support for agent automation.

Why use this skill?

Add a security layer to your OpenClaw agent with SafeExec. Automatically detect dangerous shell commands, intercept risks, and approve system changes with an integrated audit workflow.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/ottttto/safe-exec
Or

What This Skill Does

SafeExec provides an essential security layer for your OpenClaw agent by acting as a gateway between agent-generated shell commands and your host operating system. Rather than allowing an agent to freely execute arbitrary commands, SafeExec monitors every operation, runs it through an intelligent risk assessment engine, and intercepts any command identified as potentially dangerous. It utilizes a multi-tier risk rating system (CRITICAL, HIGH, MEDIUM, LOW) to differentiate between benign tasks and those that could lead to system instability or data loss. By introducing an mandatory user approval workflow, it ensures that you remain the final authority on all system-level modifications, such as file system destruction or unauthorized service configuration changes.

Installation

The most streamlined method to add this protection is to request the installation directly via your OpenClaw chat interface by typing: "Help me install SafeExec skill from ClawdHub". The system will handle the repository cloning and dependency configuration automatically. Alternatively, for manual control, you can use the ClawdHub CLI by running clawdhub install safe-exec after setting your registry environment variable, or by cloning the source code directly from https://github.com/OTTTTTO/safe-exec.git into your ~/.openclaw/skills/ directory. Once installed, activate the monitoring capabilities by simply stating "Enable SafeExec" in your terminal chat.

Use Cases

SafeExec is designed for users who want to leverage the speed and power of AI-driven automation without exposing their local environment to unintended consequences. It is ideal for developers who allow agents to manage their build environments, perform automated file cleanup, or maintain local server configurations. It acts as a safety net during exploratory AI sessions where the agent might inadvertently suggest commands that affect system directories or delete important project assets. It also serves as a robust auditing tool, logging all command attempts in ~/.openclaw/safe-exec-audit.log, providing full traceability for debugging or security audits.

Example Prompts

  1. "Enable SafeExec so I can safely let the agent manage my server files."
  2. "List pending command requests that SafeExec has intercepted for my review."
  3. "Approve the pending request ID 4022 for the directory cleanup script."

Tips & Limitations

To maximize the utility of SafeExec, ensure that your terminal environment is properly configured so that in-session notifications are visible. Be aware that the tool is designed for shell-level protection; it does not replace application-level security or sandbox container isolation. While it prevents common mistakes like rm -rf /, it is still advised to run mission-critical agents within virtualized containers or dedicated user profiles with limited privileges. Always review the ~/.openclaw/safe-exec-rules.json file if you need to customize which command patterns are considered 'dangerous' for your specific environment.

Read Full Documentation on GitHub

Metadata

Author@ottttto
Stars1249
Views0
Updated2026-02-21
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-ottttto-safe-exec": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security#automation#shell#monitoring#audit
Safety Score: 5/5

Flags: file-write, file-read, code-execution