SafeExec - Safe Command Execution
Provides secure command execution capabilities for OpenClaw Agents with automatic interception of dangerous operations and approval workflow.
Features
- 🔍 Automatic danger pattern detection - Identifies risky commands before execution
- 🚨 Risk-based interception - Multi-level assessment (CRITICAL/HIGH/MEDIUM/LOW)
- 💬 In-session notifications - Real-time alerts in your current terminal/session
- ✅ User approval workflow - Commands wait for explicit confirmation
- 📊 Complete audit logging - Full traceability of all operations
- 🤖 Agent-friendly - Non-interactive mode support for automated workflows
- 🔧 Platform-agnostic - Works independently of communication tools (webchat, Feishu, Telegram, etc.)
- 🔐 Security-focused - No monitoring, no external notifications, no network calls
Agent Mode
When called by OpenClaw agents in non-interactive environments:
- Automatic bypass of confirmation prompts - Prevents agent hanging
- Full audit logging - All executions recorded with mode label (agentauto vs userapproved)
- Safety preserved - Danger pattern detection and risk assessment remain active
- Intended use case - Automated workflows with human oversight via audit logs
Environment variables:
- `OPENCLAW_AGENT_CALL` - Set by OpenClaw when agent executes commands
- `SAFE_EXEC_AUTO_CONFIRM` - Manual override to auto-approve LOW/MEDIUM risk commands
Security Note: Agent mode does not disable safety checks. CRITICAL and HIGH risk commands are still intercepted and logged, and can be reviewed in the audit trail.
Quick Start
Installation (One Command)
The easiest way to install SafeExec:
Just say in your OpenClaw chat:
```
Help me install SafeExec skill from ClawdHub
```
OpenClaw will automatically download, install, and configure SafeExec for you!
Alternative: Manual Installation
If you prefer manual installation:
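```bash
# Clone from GitHub
git clone https://github.com/OTTTTTO/safe-exec.git ~/.openclaw/skills/safe-exec

# Make the scripts executable
chmod +x ~/.openclaw/skills/safe-exec/safe-exec*.sh

# Create symlinks on PATH (optional)
ln -s ~/.openclaw/skills/safe-exec/safe-exec.sh ~/.local/bin/safe-exec
ln -s ~/.openclaw/skills/safe-exec/safe-exec-*.sh ~/.local/bin/
```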
Enable SafeExec
After installation, simply say:
```
Enable SafeExec
```
SafeExec will start monitoring all shell commands automatically!
How It Works
Once enabled, SafeExec automatically monitors all shell command executions. When a potentially dangerous command is detected, it intercepts the execution and requests your approval through in-session terminal notifications.
Architecture:
- Requests stored in: `~/.openclaw/safe-exec/pending/`
- Audit log: `~/.openclaw/safe-exec-audit.log`
- Rules config: `~/.openclaw/safe-exec-rules.json`
- No external network calls
- No background monitoring processes
Usage
Enable SafeExec:
```
Enable SafeExec
```
```
Turn on SafeExec
```
```
Start SafeExec
```
Once enabled, SafeExec runs transparently in the background. Agents can execute commands normally, and SafeExec will automatically intercept dangerous operations:
```
Delete all files in /tmp/test
```
```
Format the USB drive
```
SafeExec detects the risk level and displays an in-session prompt for approval.
Risk Levels
CRITICAL: System-destructive commands (rm -rf /, dd, mkfs, fork bombs)
HIGH: User data deletion or significant system changes (chmod 777, curl | bash)
MEDIUM: Service operations or configuration changes (sudo, firewall modifications)
LOW: Read operations and safe file manipulations
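The risk levels above, together with the agent-mode rule that only LOW/MEDIUM commands are auto-approved, can be sketched as a small regex classifier. This is an added example, not SafeExec's own code: the patterns, the function names `matches`, `classify_risk` and `decide`, and treating any non-empty `OPENCLAW_AGENT_CALL` or `SAFE_EXEC_AUTO_CONFIRM` as "set" are assumptions.

```bash
# Added illustration: the patterns are assumptions, not SafeExec's shipped rule file.
# B marks the start of a command word: line start, whitespace, or one of ; | &
B='(^|[[:space:];|&])'

# One extended regex per line; grep -E treats the newline-separated list as alternatives.
# CRITICAL: rm with recursive+force flags (as in the page's sample notification),
# dd writing to a target, mkfs, and the classic fork-bomb shape.
CRITICAL_RULES="${B}rm[[:space:]]+-[[:alnum:]]*([rR][[:alnum:]]*f|f[[:alnum:]]*[rR])
${B}dd[[:space:]]+[^;|&]*of=
${B}mkfs([.][[:alnum:]]+)?[[:space:]]
:[(][)][[:space:]]*[{][^}]*:[[:space:]]*[|][[:space:]]*:"
# HIGH: any other rm, chmod 777, a download piped into a shell.
HIGH_RULES="${B}rm[[:space:]]
${B}chmod[[:space:]]+(-[[:alnum:]]+[[:space:]]+)*0?777
${B}(curl|wget)[[:space:]][^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh(\$|[[:space:]])"
# MEDIUM: sudo, firewall tools, service state changes.
MEDIUM_RULES="${B}sudo[[:space:]]
${B}(iptables|nft|ufw|firewall-cmd)[[:space:]]
${B}systemctl[[:space:]]+(start|stop|restart|enable|disable)[[:space:]]"

# matches CMD RULES: true when any rule matches the command text.
matches() { printf '%s\n' "$1" | grep -Eq -e "$2"; }

# classify_risk CMD: prints CRITICAL, HIGH, MEDIUM or LOW. Levels are tested most
# severe first, so "sudo rm -rf /" is CRITICAL rather than MEDIUM via the sudo rule.
classify_risk() {
  if   matches "$1" "$CRITICAL_RULES"; then echo CRITICAL
  elif matches "$1" "$HIGH_RULES";     then echo HIGH
  elif matches "$1" "$MEDIUM_RULES";   then echo MEDIUM
  else echo LOW
  fi
}

# decide CMD: prints "execute" or "pending" (held for safe-exec-approve / -reject).
decide() (
  [ "${SAFE_EXEC_DISABLE:-}" = 1 ] && { echo execute; exit 0; }
  case $(classify_risk "$1") in
    LOW) echo execute ;;
    MEDIUM)  # auto-approved only in agent mode or with the manual override
      if [ -n "${OPENCLAW_AGENT_CALL:-}${SAFE_EXEC_AUTO_CONFIRM:-}" ]; then echo execute
      else echo pending; fi ;;
    *) echo pending ;;   # HIGH and CRITICAL always wait for a human
  esac
)
```

The classifier only sees the command text, so a script or binary invoked by an otherwise LOW command is not inspected; the audit log remains the record to review.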
Approval Workflow
1. Agent executes a command
2. SafeExec analyzes the risk level
3. In-session notification displayed in your terminal
4. Approve or reject via:
   - Terminal: `safe-exec-approve <request_id>`
   - List pending: `safe-exec-list`
   - Reject: `safe-exec-reject <request_id>`
5. Command executes or is cancelled
Example notification:
CODEBLOCK8
Configuration
Environment variables for customization:
- `SAFE_EXEC_DISABLE` - Set to '1' to globally disable safe-exec
- `OPENCLAW_AGENT_CALL` - Automatically enabled in agent mode (non-interactive)
- `SAFE_EXEC_AUTO_CONFIRM` - Auto-approve LOW/MEDIUM risk commands
Examples
Enable SafeExec:
```
Enable SafeExec
```
After enabling, agents work normally:
```
Delete old log files from /var/log
```
SafeExec automatically detects this is HIGH risk (deletion) and displays an in-session approval prompt.
Safe operations pass through without interruption:
```
List files in /home/user/documents
```
This is LOW risk and executes without approval.
Global Control
Check status:
```bash
safe-exec-list
```
View audit log:
```bash
cat ~/.openclaw/safe-exec-audit.log
```
Disable SafeExec globally:
```
Disable SafeExec
```
Or set environment variable:
```bash
export SAFE_EXEC_DISABLE=1
```
Reporting Issues
Found a bug? Have a feature request?
Please report issues at:
🔗 https://github.com/OTTTTTO/safe-exec/issues
We welcome community feedback, bug reports, and feature suggestions!
When reporting issues, please include:
- SafeExec version (run: `grep "VERSION" ~/.openclaw/skills/safe-exec/safe-exec.sh`)
- OpenClaw version
- Steps to reproduce
- Expected vs actual behavior
- Relevant logs from `~/.openclaw/safe-exec-audit.log`
Audit Log
All command executions are logged with:
- Timestamp
- Command executed
- Risk level
- Execution mode (userapproved / agentauto)
- Approval status
- Execution result
- Request ID for traceability
Log location: `~/.openclaw/safe-exec-audit.log`
Security & Privacy
What SafeExec does:
- ✅ Intercepts shell commands before execution
- ✅ Detects dangerous patterns using regex matching
- ✅ Requests user approval for risky commands
- ✅ Logs all executions to local audit file
- ✅ Works entirely locally on your machine
What SafeExec does NOT do:
- ❌ No monitoring of chat sessions or conversation history
- ❌ No reading of OpenClaw session data
- ❌ No external network requests (except git clone during installation)
- ❌ No sending data to external services
- ❌ No background monitoring processes or cron jobs
- ❌ No integration with external notification services (Feishu, webhooks, etc.)
Integration
SafeExec integrates seamlessly with OpenClaw agents. Once enabled, it works transparently without requiring changes to agent behavior or command structure. The approval workflow is entirely local and independent of any external communication platform.
Platform Independence
SafeExec operates at the session level, working with any communication channel your OpenClaw instance supports (webchat, Feishu, Telegram, Discord, etc.). The approval workflow happens through your terminal, ensuring you maintain control regardless of how you're interacting with your agent.
Support & Community
- GitHub Repository: https://github.com/OTTTTTO/safe-exec
- Issue Tracker: https://github.com/OTTTTTO/safe-exec/issues
- Documentation: README.md
- ClawdHub: https://www.clawhub.ai/skills/safe-exec
License
MIT License - See LICENSE for details.
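SafeExec - Safe Command Execution
Provides secure command execution capabilities for OpenClaw agents, automatically intercepting dangerous operations and introducing an approval workflow.
Features
- 🔍 Automatic danger pattern detection - Identifies risky commands before execution
- 🚨 Risk-based interception - Multi-level assessment (CRITICAL/HIGH/MEDIUM/LOW)
- 💬 In-session notifications - Real-time alerts in the current terminal/session
- ✅ User approval workflow - Commands wait for explicit confirmation
- 📊 Complete audit logging - Full traceability of all operations
- 🤖 Agent-friendly - Non-interactive mode support for automated workflows
- 🔧 Platform-agnostic - Independent of communication tools (webchat, Feishu, Telegram, etc.)
- 🔐 Security-first - No monitoring, no external notifications, no network calls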
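Agent Mode
When called by OpenClaw agents in non-interactive environments:
- Automatic bypass of confirmation prompts - Prevents the agent from hanging
- Full audit logging - All executions recorded with a mode label (agentauto vs userapproved)
- Safety preserved - Danger pattern detection and risk assessment remain active
- Intended use case - Automated workflows with human oversight via audit logs
Environment variables:
- `OPENCLAW_AGENT_CALL` - Set by OpenClaw when an agent executes commands
- `SAFE_EXEC_AUTO_CONFIRM` - Manual override to auto-approve LOW/MEDIUM risk commands
Security Note: Agent mode does not disable safety checks. CRITICAL and HIGH risk commands are still intercepted and logged, and can be reviewed in the audit trail.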
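Quick Start
Installation (One Command)
The easiest way to install SafeExec:
Just say in your OpenClaw chat:
```
Help me install SafeExec skill from ClawdHub
```
OpenClaw will automatically download, install, and configure SafeExec for you!
Alternative: Manual Installation
If you prefer manual installation:
```bash
# Clone from GitHub
git clone https://github.com/OTTTTTO/safe-exec.git ~/.openclaw/skills/safe-exec

# Make the scripts executable
chmod +x ~/.openclaw/skills/safe-exec/safe-exec*.sh

# Create symlinks on PATH (optional)
ln -s ~/.openclaw/skills/safe-exec/safe-exec.sh ~/.local/bin/safe-exec
ln -s ~/.openclaw/skills/safe-exec/safe-exec-*.sh ~/.local/bin/
```
Enable SafeExec
After installation, simply say:
```
Enable SafeExec
```
SafeExec will start monitoring all shell commands automatically!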
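How It Works
Once enabled, SafeExec automatically monitors all shell command executions. When a potentially dangerous command is detected, it intercepts the execution and requests your approval through in-session terminal notifications.
Architecture:
- Requests stored in: `~/.openclaw/safe-exec/pending/`
- Audit log: `~/.openclaw/safe-exec-audit.log`
- Rules config: `~/.openclaw/safe-exec-rules.json`
- No external network calls
- No background monitoring processes
Usage
Enable SafeExec:
```
Enable SafeExec
```
```
Turn on SafeExec
```
```
Start SafeExec
```
Once enabled, SafeExec runs transparently in the background. Agents can execute commands normally, and SafeExec will automatically intercept dangerous operations:
```
Delete all files in /tmp/test
```
```
Format the USB drive
```
SafeExec detects the risk level and displays an in-session prompt for approval.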
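Risk Levels
CRITICAL: System-destructive commands (rm -rf /, dd, mkfs, fork bombs)
HIGH: User data deletion or significant system changes (chmod 777, curl | bash)
MEDIUM: Service operations or configuration changes (sudo, firewall modifications)
LOW: Read operations and safe file manipulations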
Approval Workflow
1. Agent executes a command
2. SafeExec analyzes the risk level
3. In-session notification displayed in your terminal
4. Approve or reject via:
   - Terminal: `safe-exec-approve <request_id>`
   - List pending: `safe-exec-list`
   - Reject: `safe-exec-reject <request_id>`
5. Command executes or is cancelled
Example notification:
```
🚨 检测到危险操作 - 命令已拦截
风险等级: 严重
命令: rm -rf /tmp/test
原因: 带强制标志的递归删除
请求ID: req17699384929730
ℹ️ 此命令需要用户批准才能执行。
批准方法:
1. 在终端中:safe-exec-approve req17699384929730
2. 或:safe-exec-list 查看所有待处理请求
拒绝方法:
safe-exec-reject req17699384929730
```
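Configuration
Environment variables for customization:
- `SAFE_EXEC_DISABLE` - Set to 1 to globally disable safe-exec
- `OPENCLAW_AGENT_CALL` - Automatically enabled in agent mode (non-interactive)
- `SAFE_EXEC_AUTO_CONFIRM` - Auto-approve LOW/MEDIUM risk commands
Examples
Enable SafeExec:
```
Enable SafeExec
```
After enabling, agents work normally:
```
Delete old log files from /var/log
```
SafeExec automatically detects this is HIGH risk (deletion) and displays an in-session approval prompt.
Safe operations pass through without interruption:
```
List files in /home/user/documents
```
This is LOW risk and executes without approval.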
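Global Control
Check status:
```bash
safe-exec-list
```
View audit log:
```bash
cat ~/.openclaw/safe-exec-audit.log
```
Disable SafeExec globally:
```
Disable SafeExec
```
Or set environment variable:
```bash
export SAFE_EXEC_DISABLE=1
```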
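Reporting Issues
Found a bug? Have a feature request?
Please report issues at:
🔗 https://github.com/OTTTTTO/safe-exec/issues
We welcome community feedback, bug reports, and feature suggestions!
When reporting issues, please include:
- SafeExec version (run: `grep "VERSION" ~/.openclaw/skills/safe-exec/safe-exec.sh`)
- OpenClaw version
- Steps to reproduce
- Expected vs actual behavior
- Relevant logs from `~/.openclaw/safe-exec-audit.log`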
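Audit Log
All command executions are logged with:
- Timestamp
- Command executed
- Risk level
- Execution mode (userapproved / agentauto)
- Approval status
- Execution result
- Request ID for traceability
Log location: `~/.openclaw/safe-exec-audit.log`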
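Security & Privacy
What SafeExec does:
- ✅ Intercepts shell commands before execution
- ✅ Detects dangerous patterns using regex matching
- ✅ Requests user approval for risky commands
- ✅ Logs all executions to a local audit file
- ✅ Works entirely locally on your machine
What SafeExec does NOT do:
- ❌ No monitoring of chat sessions or conversation history
- ❌ No reading of OpenClaw session data
- ❌ No external network requests (except git clone during installation)
- ❌ No sending data to external services
- ❌ No background monitoring processes or scheduled jobs
- ❌ No integration with external notification services (Feishu, webhooks, etc.)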
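Integration
SafeExec integrates seamlessly with OpenClaw agents. Once enabled, it works transparently without requiring changes to agent behavior or command structure. The approval workflow is entirely local and independent of any external communication platform.
Platform Independence
SafeExec operates at the session level, working with any communication channel your OpenClaw instance supports (webchat, Feishu, Telegram, Discord, etc.). The approval workflow happens through your terminal, ensuring you maintain control regardless of how you interact with your agent.
Support & Community
- GitHub Repository: https://github.com/OTTTTTO/safe-exec
- Issue Tracker: https://github.com/OTTTTTO/safe-exec/issues
- Documentation: README.md
- ClawdHub: https://www.clawhub.ai/skills/safe-exec
License
MIT License - See LICENSE for details.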