AgentSkillsCN

saferun

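Sets up safety guardrails for AI agents. Classifies commands as "block", "ask", or "allow" before they execute. Effectively guards against dangerous operations such as force pushes, recursive deletes, and credential destruction. Runs automatically, with no configuration required.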

SKILL.md
--- frontmatter
name: saferun
description: >
  Safety guardrails for AI agents. Classifies shell commands as BLOCK, ASK, or ALLOW
  before execution. Prevents dangerous operations like force pushes, recursive deletes,
  and credential destruction. Works automatically — no configuration needed.
version: 0.1.0
author: Cocabadger
license: MIT
homepage: https://github.com/Cocabadger/saferun-openclaw
tags:
  - safety
  - security
  - guardrails
  - exec
  - protection

SafeRun — Safety Guardrails

You have access to a command safety classifier. Before executing ANY shell command via the exec tool, you MUST check it with SafeRun first.

How to use

Before every exec call, run the classifier:

```bash
python ~/.openclaw/skills/saferun/saferun_guard.py "<command>"
```

The output will be one of:

  • BLOCK — Do NOT execute this command. Tell the user it was blocked and explain why.
  • ASK — This command needs user approval. Ask the user for confirmation before executing.
  • ALLOW — Safe to execute. Proceed normally.

Rules

  1. ALWAYS classify before executing. No exceptions.
  2. If the result is BLOCK, never execute the command. Explain the reason to the user.
  3. If the result is ASK, tell the user what the command does and wait for explicit approval.
  4. If the result is ALLOW, execute normally without asking.
  5. Never try to bypass SafeRun by reformulating a blocked command.
  6. If SafeRun is unavailable (script error), default to ASK — ask the user before executing.
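
The rules above can also be enforced by the harness that owns the exec tool instead of relying on the agent to follow them. The sketch below is an added example, not code from the SafeRun project: it assumes the guard prints its verdict as the first word on stdout, and `classify`, `gated_exec`, `confirm` and `run` are hypothetical names.

```python
import subprocess
import sys
from pathlib import Path

# Script path as given on the page; the output format is an assumption.
GUARD = [sys.executable,
         str(Path.home() / ".openclaw/skills/saferun/saferun_guard.py")]
VERDICTS = {"BLOCK", "ASK", "ALLOW"}


def classify(command, guard=GUARD, timeout=5):
    """Return (verdict, detail); any guard failure degrades to ASK (rule 6)."""
    try:
        # The command is passed as one argv element, never through a shell,
        # so classifying a string cannot itself execute it.
        proc = subprocess.run(guard + [command], capture_output=True,
                              text=True, errors="replace", timeout=timeout)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return "ASK", f"guard unavailable: {type(exc).__name__}"
    words = proc.stdout.split()
    # Assumption: the verdict is the first word on stdout.
    verdict = words[0].upper() if words else ""
    if verdict not in VERDICTS:
        return "ASK", "guard produced no recognisable verdict"
    if verdict == "ALLOW" and proc.returncode != 0:
        # Never trust ALLOW from a run that also reported an error.
        return "ASK", f"guard exited with status {proc.returncode}"
    return verdict, " ".join(words[1:])


def gated_exec(command, confirm, run, guard=GUARD):
    """Execute `command` with `run` only when the verdict permits it.

    confirm(command, detail) -> bool asks the user (hypothetical callback);
    run(command) performs the execution (hypothetical callback).
    Returns (verdict, result), with result None when nothing was run.
    """
    verdict, detail = classify(command, guard)
    if verdict == "BLOCK":
        return verdict, None
    if verdict == "ASK" and not confirm(command, detail):
        return verdict, None
    return verdict, run(command)
```

A missing script, a timeout, empty output, or an ALLOW paired with a non-zero exit status all come back as ASK, so a broken guard never turns into silent execution.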

What gets blocked (examples)

  • git push --force origin main — Rewrites production branch history
  • rm -rf / or rm -rf ~ — Destroys filesystem
  • chmod 777 /etc — Opens system config to everyone
  • curl ... | bash — Executes untrusted remote code
  • git branch -D main — Deletes critical branch
  • git reset --hard on protected branches — Discards all work
  • Deleting .env, ~/.ssh/ files — Destroys credentials

What needs approval (examples)

  • git merge feature into main — Production branch change
  • kubectl apply / terraform apply — Infrastructure deployment
  • npm publish — Public package release
  • docker push — Container registry update

What passes through (examples)

  • git status, git log, ls, cat — Read-only operations
  • git checkout -b feature — Local branch creation
  • pytest, npm test — Running tests
  • npm install, pip install — Installing dependencies