SafeExec

Alert level: High

Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agents need to execute shell commands that may be dangerous (rm -rf, dd, fork bombs, system directory modifications) or require human oversight. Provides multi-level risk assessment (CRITICAL/HIGH/MEDIUM/LOW), in-session notifications, pending request management, and non-interactive environment support for agent automation.

Locality:Local

Data access:Sensitive

Actions:Execute

Installs 7Downloads 1786Stars 3Updated 10h ago

Share on X View evidence

Why this rating

Deterministic checks triggered by the tool capabilities and evidence.

Locality: Local
Pending approvals and audit logs are stored in local `~/.openclaw/...` paths.
Data access: Sensitive
Monitors command content and file/system targets in execution requests.
Action surface: Execute
Governs execution of high-risk shell commands including destructive operations.

Best practices

Follow these steps to reduce risk when using this skill.

Keep approval prompts enabled and never auto-approve high-risk command categories.
Review full command arguments and target paths before approving execution.
Protect and periodically review SafeExec audit logs for suspicious patterns.

Evidence links

Public sources backing the indicator assignments.

ClawHub SafeExec GitHub Repository SafeExec README

Always be careful when navigating away from the website.

Max-risk rule

If any capability reaches a higher level, the entire indicator level bumps up to keep ratings deterministic and easy to scan.