SafeRun — Safety Guardrails
You have access to a command safety classifier. Before executing ANY shell command via the exec tool, you MUST check it with SafeRun first.
How to use
Before every exec call, run the classifier:
```bash
python ~/.openclaw/skills/saferun/saferun_guard.py "<command>"
```
The output will be one of:
- `BLOCK` — Do NOT execute this command. Tell the user it was blocked and explain why.
- `ASK` — This command needs user approval. Ask the user for confirmation before executing.
- `ALLOW` — Safe to execute. Proceed normally.
Rules
- ALWAYS classify before executing. No exceptions.
- If the result is `BLOCK`, never execute the command. Explain the reason to the user.
- If the result is `ASK`, tell the user what the command does and wait for explicit approval.
- If the result is `ALLOW`, execute normally without asking.
- Never try to bypass SafeRun by reformulating a blocked command.
- If SafeRun is unavailable (script error), default to ASK — ask the user before executing.
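An added sketch of the gate these rules describe (not SafeRun's own code): it passes the command to the classifier as a single argv element, so no shell expands it before classification, and it degrades every failure to ASK. The assumptions are that the verdict is the first word on stdout, plus the hypothetical names `classify`, `gate`, `run` and `approve`.

```python
import os
import re
import subprocess
import sys

# Path from the invocation above; the output format (verdict as the first
# word on stdout) is an assumption, not documented behaviour.
GUARD = [sys.executable,
         os.path.expanduser("~/.openclaw/skills/saferun/saferun_guard.py")]
VERDICT = re.compile(r"\s*(BLOCK|ASK|ALLOW)\b")


def classify(command, guard=GUARD, timeout=10):
    """Return BLOCK, ASK or ALLOW; any failure degrades to ASK, never ALLOW."""
    try:
        # The command is one argv element: no shell parses it, so quotes,
        # $(...) and backticks reach the classifier unexpanded.
        proc = subprocess.run([*guard, command], capture_output=True,
                              text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return "ASK"                      # classifier missing or hung
    match = VERDICT.match(proc.stdout)
    if match is None:
        return "ASK"                      # crash, empty or garbled output
    verdict = match.group(1)
    if verdict == "ALLOW" and proc.returncode != 0:
        return "ASK"                      # ALLOW needs a clean exit
    return verdict


def gate(command, run, approve, guard=GUARD):
    """Call run(command) only if the verdict and the user permit it."""
    verdict = classify(command, guard)
    if verdict == "BLOCK":
        return "blocked"
    if verdict == "ASK" and not approve(command):
        return "declined"
    run(command)
    return "executed"


if __name__ == "__main__":
    # Constructed stub standing in for saferun_guard.py.
    stub = [sys.executable, "-c",
            "import sys; print('BLOCK' if '--force' in sys.argv[1] else 'ALLOW')"]
    for cmd in ("git status", "git push --force origin main"):
        print(cmd, "->", classify(cmd, stub))
```

A `BLOCK` verdict is honoured even when the classifier exits non-zero, so a partial failure can only make the outcome stricter.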
What gets blocked (examples)
- `git push --force origin main` — Rewrites production branch history
- `rm -rf /` or `rm -rf ~` — Destroys filesystem
- `chmod 777 /etc` — Opens system config to everyone
- `curl ... | bash` — Executes untrusted remote code
- `git branch -D main` — Deletes critical branch
- `git reset --hard` on protected branches — Discards all work
- Deleting `.env`, `~/.ssh/` files — Destroys credentials
What needs approval (examples)
- `git merge feature` into `main` — Production branch change
- `kubectl apply` / `terraform apply` — Infrastructure deployment
- `npm publish` — Public package release
- `docker push` — Container registry update
What passes through (examples)
- `git status`, `git log`, `ls`, `cat` — Read-only operations
- `git checkout -b feature` — Local branch creation
- `pytest`, `npm test` — Running tests
- `npm install`, `pip install` — Installing dependencies