safe-exec-0-3-2Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agents need to execute shell commands that may be dangerous (rm -rf, dd, fork bombs, system directory modifications) or require human oversight. Provides multi-level risk assessment (CRITICAL/HIGH/MEDIUM/LOW), in-session notifications, pending request management, and non-interactive environment support for agent automation.
Install via ClawdBot CLI:
clawdbot install Lucky-2968/safe-exec-0-3-2Provides secure command execution capabilities for OpenClaw Agents with automatic interception of dangerous operations and approval workflow.
The easiest way to install SafeExec:
Just say in your OpenClaw chat:
Help me install SafeExec skill from ClawdHub
OpenClaw will automatically download, install, and configure SafeExec for you!
If you prefer manual installation:
# Using ClawdHub CLI
export CLAWDHUB_REGISTRY=https://www.clawhub.ai
clawdhub install safe-exec
# Or download directly from GitHub
git clone https://github.com/OTTTTTO/safe-exec.git ~/.openclaw/skills/safe-exec
chmod +x ~/.openclaw/skills/safe-exec/safe-exec*.sh
After installation, simply say:
Enable SafeExec
SafeExec will start monitoring all shell commands automatically!
Once enabled, SafeExec automatically monitors all shell command executions. When a potentially dangerous command is detected, it intercepts the execution and requests your approval through in-session terminal notifications.
Architecture:
~/.openclaw/safe-exec/pending/~/.openclaw/safe-exec-audit.log~/.openclaw/safe-exec-rules.jsonEnable SafeExec:
Enable SafeExec
Turn on SafeExec
Start SafeExec
Once enabled, SafeExec runs transparently in the background. Agents can execute commands normally, and SafeExec will automatically intercept dangerous operations:
Delete all files in /tmp/test
Format the USB drive
SafeExec detects the risk level and displays an in-session prompt for approval.
CRITICAL: System-destructive commands (rm -rf /, dd, mkfs, etc.)
HIGH: User data deletion or significant system changes
MEDIUM: Service operations or configuration changes
LOW: Read operations and safe file manipulations
safe-exec-approve safe-exec-listsafe-exec-reject Example notification:
🚨 **Dangerous Operation Detected - Command Intercepted**
**Risk Level:** CRITICAL
**Command:** `rm -rf /tmp/test`
**Reason:** Recursive deletion with force flag
**Request ID:** `req_1769938492_9730`
ℹ️ This command requires user approval to execute.
**Approval Methods:**
1. In terminal: `safe-exec-approve req_1769938492_9730`
2. Or: `safe-exec-list` to view all pending requests
**Rejection Method:**
`safe-exec-reject req_1769938492_9730`
Environment variables for customization:
SAFE_EXEC_DISABLE - Set to '1' to globally disable safe-execOPENCLAW_AGENT_CALL - Automatically enabled in agent mode (non-interactive)SAFE_EXEC_AUTO_CONFIRM - Auto-approve LOW/MEDIUM risk commandsEnable SafeExec:
Enable SafeExec
After enabling, agents work normally:
Delete old log files from /var/log
SafeExec automatically detects this is HIGH risk (deletion) and displays an in-session approval prompt.
Safe operations pass through without interruption:
List files in /home/user/documents
This is LOW risk and executes without approval.
Check status:
safe-exec-list
View audit log:
cat ~/.openclaw/safe-exec-audit.log
Disable SafeExec globally:
Disable SafeExec
Or set environment variable:
export SAFE_EXEC_DISABLE=1
Found a bug? Have a feature request?
Please report issues at:
🔗 https://github.com/OTTTTTO/safe-exec/issues
We welcome community feedback, bug reports, and feature suggestions!
When reporting issues, please include:
grep "VERSION" ~/.openclaw/skills/safe-exec/safe-exec.sh)~/.openclaw/safe-exec-audit.logAll command executions are logged with:
Log location: ~/.openclaw/safe-exec-audit.log
SafeExec integrates seamlessly with OpenClaw agents. Once enabled, it works transparently without requiring changes to agent behavior or command structure. The approval workflow is entirely local and independent of any external communication platform.
SafeExec operates at the session level, working with any communication channel your OpenClaw instance supports (webchat, Feishu, Telegram, Discord, etc.). The approval workflow happens through your terminal, ensuring you maintain control regardless of how you're interacting with your agent.
MIT License - See LICENSE for details.
Generated Mar 1, 2026
Integrate SafeExec into CI/CD pipelines to automatically intercept and require approval for high-risk commands like system modifications or deletions during deployments. This prevents accidental destructive actions in production environments, ensuring only authorized personnel can approve critical operations via in-session notifications.
Use SafeExec in IT teams managing servers and networks to monitor shell commands for risky operations such as formatting drives or deleting system files. It provides audit logging for compliance and real-time alerts, reducing human error and enhancing security oversight in multi-user environments.
Deploy SafeExec in data science environments where automated scripts may execute commands that could delete datasets or modify configurations. It assesses risk levels and prompts for approval, protecting valuable data assets while allowing safe operations like file listings to proceed uninterrupted.
Implement SafeExec in educational settings where students use OpenClaw agents for learning shell commands. It intercepts dangerous operations like recursive deletions, providing a safety net that teaches best practices without risking system integrity, with audit logs for instructor review.
Adopt SafeExec for MSPs managing client systems to enforce approval workflows for high-risk commands across multiple environments. It enables centralized audit logging and risk assessment, improving accountability and reducing the chance of service disruptions from agent errors.
Offer SafeExec as a free, open-source tool to build community adoption, while generating revenue through paid support plans for enterprises. This includes priority bug fixes, custom rule configurations, and dedicated assistance for integration into complex workflows.
Develop a cloud-based version of SafeExec that integrates with various AI agent platforms beyond OpenClaw, providing centralized management and analytics. Revenue comes from tiered subscriptions based on usage volume, advanced features like AI-driven risk prediction, and API access.
License SafeExec to large organizations with custom deployments, including on-premise installations and tailored rule sets. Additional revenue is generated from consulting services for implementation, training, and ongoing maintenance to ensure compliance with industry security standards.
💬 Integration Tip
Enable SafeExec with a simple command like 'Enable SafeExec' after installation, and configure environment variables such as SAFE_EXEC_AUTO_CONFIRM for low-risk commands to streamline automation without compromising safety.
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. This skill should be used when the user is looking for functionality that might exist as an installable skill.
Search and analyze your own session logs (older/parent conversations) using jq.
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linking related objects, enforcing constraints, planning multi-step actions as graph transformations, or when skills need to share state. Trigger on "remember", "what do I know about", "link X to Y", "show dependencies", entity CRUD, or cross-skill data access.
Ultimate AI agent memory system for Cursor, Claude, ChatGPT & Copilot. WAL protocol + vector search + git-notes + cloud backup. Never lose context again. Vibe-coding ready.
Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection