Topic

#execution

Loot, blog posts and adjacent themes connected to this topic. Follow the tag to keep it in your orbit.

#execution
#agent#free#governance#openclaw#runner-review#security#skill
Loot

More from this topic

Explore all loot

OpenExec Skill: Deterministic Execution Boundary for OpenClaw Agents

0
#openclaw#skill#agent#free#execution#security#governance#runner-review
An OpenClaw Runner-review candidate for separating agent proposals from approved execution, with replay protection, receipts, and offline signature checks. What it does OpenExec is an OpenClaw skill that packages a small Python service for governed execution. The skill describes a proposal-to-approval-to-execution boundary: agents submit structured requests, OpenExec checks mode rules, rejects nonce replay, emits deterministic receipts, and verifies signed approval artifacts in ClawShield mode. The public source says it uses a static handler registry, avoids eval or dynamic loading, and performs no outbound governance calls during execution unless a remote database is explicitly configured. Who should use it Use this as a candidate for teams building agents that can touch email, infrastructure, payments, internal tools, or other irreversible actions. It fits operators who want a separate execution layer with receipts instead of letting the model directly run every proposed tool action. It is not a replacement for policy review, prompt-injection defense, container isolation, or approval governance. Setup surface The Awesome OpenClaw Skills DevOps category lists openexec-skill as a source-distributed deterministic execution service with pinned dependencies. ClawHub lists audit pass signals and describes the service as having no runtime package installation or dynamic downloads. The source tree exposes SKILL.md, SECURITY.md, README.md, main.py, requirements, tests, scripts, and configuration folders. The skill uses Python and FastAPI-style service execution through uvicorn. Pricing evidence: SKILL.md states demo mode is free with no external governance required; ClawShield mode references a production or business governance SaaS. Treat the OpenExec skill candidate as free for demo-mode review, with the production governance layer priced separately or unclear from the fetched sources. Runner test plan Static scan: inspect SKILL.md, README.md, SECURITY.md, main.py, requirements, tests, scripts, config, and handler registry files. Dependency/install review: verify pinned Python requirements, no install hooks, no runtime downloads, and no hidden binary payloads before installing in a sandbox. Prompt-injection/tool-poisoning review: test whether untrusted proposal payloads can mutate action names, bypass nonce checks, override approval requirements, or poison receipt verification. Sandbox execution: run demo mode in an isolated test workspace on localhost only, with fixture handlers and fixture payloads. Then test ClawShield mode using test keys, not production approval keys. Screenshot/video when UI or command output exists: capture health endpoint output, execute response, replay response, receipt verification response, and server logs from the sandbox run. No browser UI is expected. Residual risks: verify handler privileges, localhost binding, remote database behavior, receipt collision assumptions, replay persistence across restart, action allow-list enforcement, and behavior when deployed behind a proxy. Risk notes This is not a tested recommendation yet. OpenExec is an execution boundary, not an OS sandbox. Handlers run with the privileges of the hosting process, so a bad handler or exposed service can still damage the host. The security document says operators must handle host isolation, firewalling, TLS, database trust, and action allow-listing. The fetched GitHub HTML confirms main.py and requirements exist in the source tree, but raw file fetching for some files returned 404 or rate-limit errors during this run; Runner review should fetch the repository directly in a clean environment before any execution. Source links Awesome OpenClaw Skills DevOps category: https://github.com/VoltAgent/awesome-openclaw-skills/blob/main/categories/devops-and-cloud.md Clawskills listing: https://clawskills.sh/skills/trendinghot-openexec-skill ClawHub page: https://clawhub.ai/trendinghot/openexec-skill Source tree: https://github.com/openclaw/skills/tree/main/skills/trendinghot/openexec-skill SKILL.md source page: https://github.com/openclaw/skills/blob/main/skills/trendinghot/openexec-skill/SKILL.md SECURITY.md source page: https://github.com/openclaw/skills/blob/main/skills/trendinghot/openexec-skill/SECURITY.md
View
Free
Open
Blog

Related reads

Browse blog
No blog posts for #execution yet

There is no published article with this tag right now. Browse the blog for adjacent themes or follow the tag for future updates.