safe-execSafe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Install via ClawdBot CLI:
clawdbot install OTTTTTO/safe-execProvides secure command execution capabilities for OpenClaw Agents with automatic interception of dangerous operations and approval workflow.
When called by OpenClaw agents in non-interactive environments:
Environment variables:
OPENCLAW_AGENT_CALL - Set by OpenClaw when agent executes commandsSAFE_EXEC_AUTO_CONFIRM - Manual override to auto-approve LOW/MEDIUM risk commandsSecurity Note: Agent mode does not disable safety checks. CRITICAL and HIGH risk commands are still intercepted, logged, and can be reviewed in audit trail.
The easiest way to install SafeExec:
Just say in your OpenClaw chat:
Help me install SafeExec skill from ClawdHubOpenClaw will automatically download, install, and configure SafeExec for you!
If you prefer manual installation:
# Clone from GitHub
git clone https://github.com/OTTTTTO/safe-exec.git ~/.openclaw/skills/safe-exec
# Make scripts executable
chmod +x ~/.openclaw/skills/safe-exec/safe-exec*.sh
# Create symlinks to PATH (optional)
ln -s ~/.openclaw/skills/safe-exec/safe-exec.sh ~/.local/bin/safe-exec
ln -s ~/.openclaw/skills/safe-exec/safe-exec-*.sh ~/.local/bin/After installation, simply say:
Enable SafeExecSafeExec will start monitoring all shell commands automatically!
Once enabled, SafeExec automatically monitors all shell command executions. When a potentially dangerous command is detected, it intercepts the execution and requests your approval through in-session terminal notifications.
Architecture:
~/.openclaw/safe-exec/pending/~/.openclaw/safe-exec-audit.log~/.openclaw/safe-exec-rules.jsonEnable SafeExec:
Enable SafeExecTurn on SafeExecStart SafeExecOnce enabled, SafeExec runs transparently in the background. Agents can execute commands normally, and SafeExec will automatically intercept dangerous operations:
Delete all files in /tmp/testFormat the USB driveSafeExec detects the risk level and displays an in-session prompt for approval.
CRITICAL: System-destructive commands (rm -rf /, dd, mkfs, fork bombs)
HIGH: User data deletion or significant system changes (chmod 777, curl | bash)
MEDIUM: Service operations or configuration changes (sudo, firewall modifications)
LOW: Read operations and safe file manipulations
safe-exec-approve safe-exec-listsafe-exec-reject Example notification:
🚨 **Dangerous Operation Detected - Command Intercepted**
**Risk Level:** CRITICAL
**Command:** `rm -rf /tmp/test`
**Reason:** Recursive deletion with force flag
**Request ID:** `req_1769938492_9730`
ℹ️ This command requires user approval to execute.
**Approval Methods:**
1. In terminal: `safe-exec-approve req_1769938492_9730`
2. Or: `safe-exec-list` to view all pending requests
**Rejection Method:**
`safe-exec-reject req_1769938492_9730`Environment variables for customization:
SAFE_EXEC_DISABLE - Set to '1' to globally disable safe-execOPENCLAW_AGENT_CALL - Automatically enabled in agent mode (non-interactive)SAFE_EXEC_AUTO_CONFIRM - Auto-approve LOW/MEDIUM risk commandsEnable SafeExec:
Enable SafeExecAfter enabling, agents work normally:
Delete old log files from /var/logSafeExec automatically detects this is HIGH risk (deletion) and displays an in-session approval prompt.
Safe operations pass through without interruption:
List files in /home/user/documentsThis is LOW risk and executes without approval.
Check status:
safe-exec-listView audit log:
cat ~/.openclaw/safe-exec-audit.logDisable SafeExec globally:
Disable SafeExecOr set environment variable:
export SAFE_EXEC_DISABLE=1Found a bug? Have a feature request?
Please report issues at:
🔗 https://github.com/OTTTTTO/safe-exec/issues
We welcome community feedback, bug reports, and feature suggestions!
When reporting issues, please include:
grep "VERSION" ~/.openclaw/skills/safe-exec/safe-exec.sh)~/.openclaw/safe-exec-audit.logAll command executions are logged with:
Log location: ~/.openclaw/safe-exec-audit.log
What SafeExec does:
What SafeExec does NOT do:
SafeExec integrates seamlessly with OpenClaw agents. Once enabled, it works transparently without requiring changes to agent behavior or command structure. The approval workflow is entirely local and independent of any external communication platform.
SafeExec operates at the session level, working with any communication channel your OpenClaw instance supports (webchat, Feishu, Telegram, Discord, etc.). The approval workflow happens through your terminal, ensuring you maintain control regardless of how you're interacting with your agent.
MIT License - See LICENSE for details.
Generated Mar 1, 2026
Integrate SafeExec into CI/CD pipelines to automatically intercept and log potentially destructive commands like rm -rf or system modifications. This ensures automated deployments have oversight, preventing accidental data loss while maintaining audit trails for compliance.
Use SafeExec for system administrators managing servers, where commands like dd or chmod 777 require approval. It provides real-time risk assessment and logging, reducing human error in critical operations and enhancing security posture.
Deploy SafeExec in automated data processing scripts to safely handle file deletions or system calls. It allows data scientists to run risky commands with oversight, logging all actions for reproducibility and risk management.
Implement SafeExec in computer labs or training sessions to teach command-line operations safely. It intercepts dangerous commands like fork bombs, providing a controlled learning environment with audit logs for instructor review.
Utilize SafeExec in regulated industries to enforce approval workflows for high-risk commands. It automatically logs all executions, helping organizations meet compliance requirements for system changes and data handling.
Offer SafeExec as a free, open-source tool with paid enterprise support, customization, and advanced features. Revenue comes from consulting, training, and premium support contracts for large organizations needing enhanced security.
Develop a cloud-based version of SafeExec that integrates with popular DevOps tools like Jenkins or Kubernetes. Charge subscription fees based on usage tiers, providing centralized audit logs and team management features.
Market SafeExec as a compliance solution for industries with strict regulatory requirements. Sell licenses to companies needing automated risk assessment and audit trails, with revenue from one-time purchases or annual renewals.
💬 Integration Tip
Start by enabling SafeExec in non-critical environments to test its interception workflow, then integrate it into automated scripts using the OPENCLAW_AGENT_CALL variable for seamless agent support.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.