Safe Cron Runner 🛡️
A secure background task executor for AI Agents.
Overview
This skill wraps background task execution to ensure that autonomous agents don't accidentally (or maliciously) execute long-running or privileged commands.
Key Protections
- Privilege Dropping: Automatically drops root privileges (switches to nobody) before executing the subprocess.
- Strict Timeouts: Enforces hard timeouts to prevent infinite loops or resource exhaustion.
- Shell Injection Protection: Uses list-based command execution (subprocess without shell) to prevent common command injection attacks.
- Transparent Logging: Separates and logs stdout, stderr, and execution status for auditability.
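The four protections listed above, combined in one function, as an added example that is not the skill's own code. `run_confined`, `drop_kwargs` and the logger name are hypothetical, and the fixed `PATH` and `cwd="/"` are assumptions of this example.

```python
import logging
import os
import pwd
import subprocess

log = logging.getLogger("safe_runner_example")  # hypothetical logger name


def drop_kwargs(user):
    """Popen arguments that switch the child to `user`; empty if not root."""
    if os.geteuid() != 0:
        return {}  # an unprivileged parent has nothing to drop and cannot setuid
    pw = pwd.getpwnam(user)
    # Python 3.9+: the child gets these IDs before exec, supplementary groups cleared.
    return {"user": pw.pw_uid, "group": pw.pw_gid, "extra_groups": []}


def run_confined(argv, user="nobody", timeout_sec=60):
    """Run argv (a list) without a shell, as `user`, under a hard timeout."""
    if isinstance(argv, (str, bytes)) or not argv:
        raise TypeError("command must be a non-empty list, not a shell string")
    result = {"argv": list(argv), "returncode": None, "timed_out": False,
              "stdout": "", "stderr": ""}
    try:
        proc = subprocess.run(
            list(argv), shell=False, stdin=subprocess.DEVNULL,
            capture_output=True, text=True, timeout=timeout_sec,
            cwd="/", env={"PATH": "/usr/bin:/bin"}, **drop_kwargs(user))
        result.update(returncode=proc.returncode,
                      stdout=proc.stdout, stderr=proc.stderr)
    except subprocess.TimeoutExpired:
        result["timed_out"] = True  # run() already killed and reaped the child
    log.info("argv=%r rc=%s timed_out=%s", result["argv"],
             result["returncode"], result["timed_out"])
    return result


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed input: the ';' reaches echo as literal text, no second command runs.
    print(run_confined(["echo", "hello; id"]))
    print(run_confined(["sleep", "5"], timeout_sec=1))
```

The timeout in `subprocess.run` kills only the direct child. A command that forks descendants needs its own process group (for example `start_new_session=True` plus `os.killpg`) for the limit to cover them.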
ISNAD Signed
This skill includes an ISNAD manifest (isnad_manifest.json) verifying the integrity of the release.
Usage
Skill name: safe-cron-runner

```python
from safe_cron import SafeCronRunner

runner = SafeCronRunner(safeuser="nobody", timeoutsec=60)

# Run the command safely, passed as a list
result = runner.run_task(["ls", "-la", "/tmp"])
print(result)
```