首页龙虾技能列表 › Terminal Killer — 技能工具

Terminal Killer — 技能工具

v1.2.0

[自动翻译] Intelligent shell command detector and executor for OpenClaw. Automatically identifies terminal commands (system builtins, $PATH executables, history ...

1· 704·0 当前·0 累计
by @cosperypf·MIT-0
下载技能包
License
MIT-0
最后更新
2026/3/2
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
high confidence
The skill's code and instructions align with its stated purpose (detecting and executing shell commands), but it requires reading and sourcing user shell init files and history and can execute arbitrary local commands and log their output — behavior that is high-risk and warrants careful review and configuration before enabling.
评估建议
This skill does what it says — it will detect and run shell commands using your real shell environment. That requires sourcing your dotfiles (~/.zshrc, ~/.bashrc) and reading shell history; both are legitimate for this task but are risky because dotfiles can run arbitrary code and history or command outputs may contain secrets (API keys, tokens, passwords). Before installing or enabling: 1) Review the source (you have it) and confirm you trust the author; 2) Inspect your shell init files for une...
详细分析 ▾
用途与能力
Name/description (detect + execute shell commands) match the actual implementation: detector, executor, interactive opener. Executing commands with the user's environment, checking $PATH and shell history, and opening new terminal windows are coherent with the stated goal.
指令范围
Runtime instructions and code explicitly source user shell init files (e.g. ~/.zshrc, ~/.bashrc) and read shell history (~/.zsh_history, ~/.bash_history). Sourcing init files executes whatever is in them; reading history and command outputs may surface secrets. These behaviors extend beyond simple command detection and create sensitive read/execute surface that users should expect but be cautious about.
安装机制
No installer or remote downloads; this is an instruction+code bundle that runs locally. That lowers supply-chain risk because nothing is fetched at install time.
凭证需求
The skill requests no explicit credentials, but it inherits process.env and deliberately sources shell init files to obtain PATH and env vars, and it reads shell history files. Those actions are plausible for running user commands, but they give the skill access to sensitive local data (history, env vars, and any code executed during sourcing). The skill also logs commands and outputs (per README/SKILL.md), which may record secrets.
持久化与权限
always:false (good), but the skill can be invoked autonomously by the agent (default). Combined with the ability to execute arbitrary shell commands and to source init files / read histories / open terminals, this gives a high blast radius if misclassification or malicious inputs occur. The skill does not modify other skills or system configs, but its execution privileges are powerful.
安装前注意事项
  1. Review the source (you have it) and confirm you trust the author;
  2. Inspect your shell init files for unexpected network calls or side effects (and consider running the skill under a sanitized shell or user);
  3. Disable or restrict logging or ensure logs (~/.openclaw/logs/...) are stored securely;
  4. Configure the skill to require interactive approval for execution (raise the confidence threshold or force approval for anything non-trivial) and avoid enabling fully autonomous execution if you cannot audit every invocation;
  5. If you need minimal privilege, prefer not to allow it to source dotfiles or to limit MAX_HISTORY_CHECK to 0. If you want to proceed but are unsure, keep it disabled by default and only run detect-only tests (node scripts/detect-command.js) rather than executing commands.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.2.02026/3/2
● 可疑

安装命令 点击复制

官方npx clawhub@latest install terminal-killer
镜像加速npx clawhub@latest install terminal-killer --registry https://cn.clawhub-mirror.com

技能文档

🚀 Smart command router that executes shell commands directly, bypassing LLM for instant terminal operations.

Quick Start

Terminal Killer automatically activates when user input matches command patterns. No special syntax needed — just type commands naturally:

ls -la              # → Direct exec
git status          # → Direct exec  
npm install         # → Direct exec
"help me code"      # → LLM handles normally

How It Works

Detection Pipeline

User Input → Command Detector → Decision
                                      ├── Command → exec (direct)
                                      └── Task → LLM (normal)

Environment Loading

Terminal Killer automatically loads your shell environment before executing commands:

  • Detects your shell (zsh, bash, etc.)
  • Sources init files (~/.zshrc, ~/.bash_profile, ~/.bashrc, etc.)
  • Inherits full PATH - including custom paths like Android SDK, Homebrew, etc.
  • Preserves environment variables - all your export VAR=value settings

This ensures commands like adb, kubectl, docker, etc. work exactly as they do in your terminal!

Detection Rules (in order)

  • System Builtins - Check against OS-specific builtin commands
  • PATH Executables - Scan $PATH for matching executables
  • History Match - Compare against recent shell history
  • Command Pattern - Heuristic analysis (operators, paths, etc.)
  • Confidence Score - Combine signals for final decision

Detection Details

1. System Builtins

Checks input against known builtin commands for the current OS:

macOS/LinuxWindows (PowerShell)Windows (CMD)
cd, pwd, lscd, pwd, lscd, dir, cls
echo, catecho, catecho, type
mkdir, rm, cpmkdir, rm, cpmkdir, del, copy
grep, findgrep, findfindstr
git, npm, nodegit, npm, nodegit, npm, node
See references/builtins/ for complete lists.

2. PATH Executable Check

Scans $PATH directories to verify if the first word is an executable:

# Uses which (Unix) or Get-Command (PowerShell)
which     # Returns path if exists

3. History Matching

Compares input against recent shell history (~/.zsh_history, ~/.bash_history, PowerShell history):

  • Exact match → High confidence
  • Similar prefix → Medium confidence
  • No match → Continue checking

4. Command Pattern Analysis

Heuristic scoring based on command characteristics:

PatternScoreExample
Starts with known command+3git status
Contains shell operators+2lsgrep
Contains path references+2cd ~/projects
Contains flags/args+1npm install --save
Contains $ variables+2echo $HOME
Contains redirection+2cat file > out
Looks like natural language-3"please help me"
Contains question marks-2"how do I...?"

5. Confidence Threshold

Score >= 5  → EXECUTE (high confidence command)
Score 3-4   → ASK (uncertain, confirm with user)
Score < 3   → LLM (likely a task/request)

Usage

Automatic Activation

Terminal Killer triggers automatically when:

  • User input starts with a verb-like word
  • Input is short (< 20 words typically)
  • No question words (what, how, why, etc.)

Interactive Commands

Terminal Killer automatically detects and handles interactive shell commands:

Detected Patterns:

  • adb shell - Opens new terminal with adb shell
  • ssh user@host - Opens SSH session in new window
  • docker exec -it container bash - Opens container shell
  • mysql -u root -p - Opens MySQL client
  • python, node, bash - Opens REPL in new window

Behavior:

  • ✅ Automatically opens new Terminal window (macOS)
  • ✅ Loads your full shell environment (~/.zshrc, etc.)
  • ✅ Keeps main session free for other tasks

Manual Override

Force command execution: 

!ls -la          # Force exec even if uncertain

Force LLM handling: 

?? explain git   # Force LLM even if looks like command

Safety Features

Dangerous Command Detection

Automatically flags potentially dangerous operations:

  • rm -rf / or similar destructive patterns
  • sudo commands (requires explicit approval)
  • dd, mkfs, chmod 777
  • Network operations to suspicious hosts
  • Commands modifying system files

Approval Workflow

Dangerous command detected!
Command: rm -rf ./important-folder
Risk: HIGH - Recursive delete
[Approve] [Deny] [Edit]

Audit Logging

All executed commands are logged to: 

~/.openclaw/logs/terminal-killer.log

Log format: 

{
  "timestamp": "2026-02-28T12:00:00Z",
  "command": "ls -la",
  "confidence": 8,
  "execution_time_ms": 45,
  "output_lines": 12,
  "status": "success"
}

Configuration

Settings

Add to your OpenClaw config:

terminal-killer:
  enabled: true
  confidence_threshold: 5
  require_approval_for:
    - "rm -rf"
    - "sudo"
    - "dd"
    - "mkfs"
  log_executions: true
  max_history_check: 100  # How many history entries to check

Platform Detection

Automatically detects OS and adjusts detection rules:

# Auto-detected at runtime
uname -s  # Darwin, Linux, etc.

Implementation

Core Script

See scripts/detect-command.js for the main detection logic.

Helper Scripts

  • scripts/check-path.js - Verify executable in PATH
  • scripts/check-history.js - Match against shell history
  • scripts/score-command.js - Calculate confidence score
  • scripts/safety-check.js - Detect dangerous patterns

Testing

See references/TESTING.md for comprehensive test guide.

Quick test: 

# Run the test suite
node scripts/test-detector.js
# Test specific commands
node scripts/detect-command.js "ls -la"
node scripts/detect-command.js "help me write code"

Limitations

  • Requires shell access (won't work in sandboxed environments)
  • History check needs read access to shell history files
  • Windows support requires PowerShell or WSL for full functionality
  • Some commands may have false positives (natural language that looks like commands)

Contributing

To add new builtin commands for your platform:

  • Edit references/builtins/.txt
  • Test with scripts/test-detector.js
  • Submit PR with platform verification

👤 About the Creator

Author: Cosper Contact: cosperypf@163.com License: MIT

📬 Get in Touch

Interested in this skill? Have suggestions, bug reports, or want to collaborate?

  • 📧 Email: cosperypf@163.com
  • 💡 Suggestions: Always welcome!
  • 🐛 Bug Reports: Please include platform, OpenClaw version, and example inputs
  • 🤝 Collaboration: Open to contributions and improvements

🙏 Acknowledgments

Built for the OpenClaw community. Thanks to everyone contributing to the ecosystem!

📝 Changelog

v1.1.0 (2026-02-28)

🎯 Core Improvements:

  • ✅ Faithful Command Execution
- Commands are executed exactly as input - No modifications, no optimizations, no additions - Raw output preserved (including progress bars, special characters, etc.)

  • 🪟 Interactive Shell Detection
- Automatically detects interactive commands (adb shell, ssh, docker exec -it, etc.) - Opens new Terminal window for interactive sessions - Keeps main session free for other tasks - Loads full shell environment (~/.zshrc, etc.)

  • 📜 Long Output Handling
- Detects output longer than 2000 bytes - Shows 200-character preview - Prompts user to open in new Terminal window - Prevents interface rendering issues with long content

📦 Files Updated:

  • scripts/index.js - Long output detection + interactive command handling
  • scripts/interactive.js - New Terminal window opener
  • SKILL.md - Updated documentation
  • README.md - Usage examples
  • clawhub.json - Version bump to 1.1.0

v1.0.0 (2026-02-28)

Initial Release:

  • Smart command detection (system builtins, PATH, history, patterns)
  • Cross-platform support (macOS/Linux/Windows)
  • Environment variable loading (~/.zshrc, etc.)
  • Dangerous command detection
  • Confidence scoring system

Version: 1.1.0 Created: 2026-02-28 Last Updated: 2026-02-28

数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务