openexec-skill
Source-distributed deterministic execution service with pinned dependencies. Runs only with a signed approval artifact (ClawShield mode) and emits verifiable...
Install via ClawdBot CLI:
clawdbot install trendinghot/openexec-skill
OpenExec is a runnable governed execution service.
It executes only what has already been approved.
It is not an agent.
It is not a policy engine.
It does not self-authorize.
OpenExec performs no outbound HTTP, RPC, or governance calls during signature verification or execution. All verification is fully offline. By default, OpenExec uses a local SQLite database (sqlite:///openexec.db). Database network I/O occurs only if explicitly configured by the operator via OPENEXEC_DB_URL.
pip install -r requirements.txt
python -m uvicorn main:app --host 0.0.0.0 --port 5000
GET / → service info (deployment health check)
GET /health → health status, mode, restriction level
GET /ready → readiness check
GET /version → version metadata
POST /execute → execute an approved action deterministically
POST /receipts/verify → verify receipt hash integrity
No external governance required. No env vars required.
export OPENEXEC_MODE=demo
Demo mode still enforces:
Requires a signed approval artifact issued by ClawShield.
OpenExec verifies the Ed25519 signature offline using the configured public key.
export OPENEXEC_MODE=clawshield
export CLAWSHIELD_PUBLIC_KEY="-----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY-----"
export CLAWSHIELD_TENANT_ID="tenant-id"
If signature validation fails, execution is denied.
Note: ClawShield governance SaaS is available at https://clawshield.forgerun.ai/. OpenExec does not contact this URL at runtime. It is provided for reference only.
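A sketch of offline, fail-closed approval verification as described for ClawShield mode, added here as an illustration and not OpenExec's or ClawShield's own code. It needs the `cryptography` package; the artifact layout (`approval` plus base64 `signature`), the canonical-JSON signing format, and all function names are assumptions, and the key pair is a constructed throwaway.

```python
import base64
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ed25519


def signing_bytes(approval):
    """Canonical bytes covered by the signature (assumed format)."""
    return json.dumps(approval, sort_keys=True, separators=(",", ":")).encode()


def verify_approval(artifact, request, public_key_pem, tenant_id):
    """Return (allowed, reason). Any failure denies; nothing touches the network."""
    try:
        key = serialization.load_pem_public_key(public_key_pem.encode())
        if not isinstance(key, ed25519.Ed25519PublicKey):
            return False, "wrong_key_type"
        approval = artifact["approval"]
        key.verify(base64.b64decode(artifact["signature"]), signing_bytes(approval))
    except InvalidSignature:
        return False, "bad_signature"
    except (KeyError, TypeError, ValueError):
        return False, "malformed"
    # The signature is valid; now check it approves this request for this tenant.
    if approval.get("tenant_id") != tenant_id:
        return False, "tenant_mismatch"
    for field in ("action", "payload", "nonce"):
        if approval.get(field) != request.get(field):
            return False, f"{field}_mismatch"
    return True, "ok"


def make_demo():
    """Constructed sample: a throwaway key pair stands in for the ClawShield signer."""
    private = ed25519.Ed25519PrivateKey.generate()
    pem = private.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo).decode()
    request = {"action": "echo", "payload": {"msg": "hello"}, "nonce": "unique-1"}
    approval = dict(request, tenant_id="tenant-id")
    sig = base64.b64encode(private.sign(signing_bytes(approval))).decode()
    return {"approval": approval, "signature": sig}, request, pem


if __name__ == "__main__":
    artifact, request, pem = make_demo()
    print(verify_approval(artifact, request, pem, "tenant-id"))
```

Checking the tenant and request fields after the signature check is what stops a valid approval for one action or tenant from being presented with a different request.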
All environment variables are optional. OpenExec runs with zero configuration in demo mode.
| Variable | Default | Description |
|----------|---------|-------------|
| OPENEXEC_MODE | demo | Execution mode: demo or clawshield |
| CLAWSHIELD_PUBLIC_KEY | (none) | PEM-encoded Ed25519 public key for signature verification |
| CLAWSHIELD_TENANT_ID | (none) | Tenant identifier for multi-tenant isolation |
| OPENEXEC_ALLOWED_ACTIONS | (none) | Comma-separated list of permitted actions. If unset, all registered actions are allowed |
| OPENEXEC_DB_URL | sqlite:///openexec.db | Database URL for execution record persistence |
python -m uvicorn main:app --host 0.0.0.0 --port 5000
curl http://localhost:5000/health
curl -X POST http://localhost:5000/execute \
-H "Content-Type: application/json" \
-d '{
"action":"echo",
"payload":{"msg":"hello"},
"nonce":"unique-1"
}'
curl -X POST http://localhost:5000/execute \
-H "Content-Type: application/json" \
-d '{
"action":"echo",
"payload":{"msg":"hello"},
"nonce":"unique-1"
}'
Every execution produces a receipt hash.
Receipts are evidence, not logs.
Verify a receipt:
curl -X POST http://localhost:5000/receipts/verify \
-H "Content-Type: application/json" \
-d '{"exec_id":"<id>","result":"<result_json>","receipt":"<hash>"}'
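A minimal model of the execute and receipt-verify requests above, added here as an illustration and not OpenExec's own code. The receipt construction (SHA-256 over the exec_id and canonical result JSON), the in-memory nonce set, the action registry, and all function names are assumptions; the page does not specify the actual hash format.

```python
import hashlib
import hmac
import json

# Stand-in for OPENEXEC_ALLOWED_ACTIONS; None means all registered actions.
ALLOWED_ACTIONS = {"echo"}
ACTIONS = {"echo": lambda payload: {"echo": payload}}  # hypothetical registry
_seen_nonces = set()  # replay ledger; a real service would persist this
_counter = 0


def canonical(obj):
    """Serialize JSON deterministically so equal results hash identically."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))


def receipt_for(exec_id, result_json):
    """Assumed receipt format: SHA-256 over exec_id, newline, result JSON."""
    return hashlib.sha256(f"{exec_id}\n{result_json}".encode()).hexdigest()


def execute(request):
    """Run an allowed action once per nonce and return a record with receipt."""
    global _counter
    action, nonce = request["action"], request["nonce"]
    allowed = ACTIONS if ALLOWED_ACTIONS is None else ALLOWED_ACTIONS
    if action not in ACTIONS or action not in allowed:
        return {"status": "denied", "reason": "action_not_allowed"}
    if nonce in _seen_nonces:
        return {"status": "denied", "reason": "replay"}
    _seen_nonces.add(nonce)
    _counter += 1
    exec_id = f"exec-{_counter}"
    result_json = canonical(ACTIONS[action](request["payload"]))
    return {"status": "executed", "exec_id": exec_id, "result": result_json,
            "receipt": receipt_for(exec_id, result_json)}


def verify_receipt(exec_id, result_json, receipt):
    """Recompute the hash and compare it in constant time."""
    expected = receipt_for(exec_id, result_json)
    return hmac.compare_digest(expected.encode(), receipt.encode())


if __name__ == "__main__":
    req = {"action": "echo", "payload": {"msg": "hello"}, "nonce": "unique-1"}
    first = execute(req)
    print(execute(req))  # same nonce: denied as a replay
    print(verify_receipt(first["exec_id"], first["result"], first["receipt"]))
```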
OpenExec enforces execution boundaries at the application layer.
It does not provide OS-level sandboxing.
Deploy behind containerization, VM isolation, or hardened environments
when actions interact with production systems.
OpenExec enforces authority separation.
It is not a sandbox.
Each layer is replaceable. No single layer can act alone.
A full security model, threat assumptions, and production hardening
checklist are available in SECURITY.md.
This skill intentionally separates:
This skill:
Generated Mar 1, 2026
A bank uses OpenExec to automate approved payment processing tasks. In ClawShield mode, each transaction requires a signed approval from a governance system, ensuring no unauthorized transfers occur. The deterministic execution and receipt generation provide audit trails for compliance.
A hospital deploys OpenExec to handle patient data updates based on signed approvals from medical staff. It enforces replay protection to prevent duplicate record modifications and generates verifiable receipts for HIPAA compliance audits, all without outbound network calls.
A logistics company integrates OpenExec to execute inventory updates and shipping orders. Using ClawShield mode, approvals from management systems are verified offline before actions like stock adjustments, ensuring tamper-evident operations and preventing unauthorized changes.
A blockchain platform employs OpenExec as a secure gateway for executing smart contract calls. It verifies signed approvals from off-chain governance before triggering deterministic on-chain transactions, providing a layer of security against prompt injection or replay attacks.
A government agency uses OpenExec to generate and submit regulatory reports. In demo mode, it ensures deterministic execution of data aggregation tasks with replay protection, while receipts serve as evidence for audit trails without relying on external networks.
Offer OpenExec as part of a managed service with ClawShield integration, charging organizations a monthly fee based on execution volume or tenant count. This model provides recurring revenue while ensuring secure, governed AI operations for clients.
Sell perpetual licenses for OpenExec to large enterprises, with optional support and customization services. Revenue comes from upfront license sales and ongoing maintenance contracts, targeting industries with strict security and compliance needs.
Provide consulting services to help businesses integrate OpenExec into their existing AI and automation workflows. Revenue is generated through project-based fees for setup, training, and ongoing optimization of the execution boundary.
💬 Integration Tip
Deploy OpenExec in a containerized environment like Docker to enhance isolation, and use environment variables to switch between demo and ClawShield modes based on your security requirements.