103 lines
3.4 KiB
Markdown
103 lines
3.4 KiB
Markdown
**False Positive Appeal: SafeExec Skill**
|
|
|
|
Hi ClawHub team,
|
|
|
|
My SafeExec skill was flagged based on a security review that identified monitoring concerns. I believe this is a false positive because **all problematic features have been completely removed in v0.3.3**.
|
|
|
|
## Skill Information
|
|
- **Name:** safe-exec
|
|
- **Repository:** https://github.com/OTTTTTO/safe-exec
|
|
- **Current Version:** v0.3.3 (2026-02-26)
|
|
- **ClawdHub:** https://www.clawhub.ai/skills/safe-exec
|
|
|
|
## What SafeExec Is (v0.3.3)
|
|
|
|
SafeExec is a **command approval tool** that:
|
|
- ✅ Intercepts dangerous shell commands (rm -rf, dd, etc.)
|
|
- ✅ Requests user approval before execution
|
|
- ✅ Logs all commands locally for audit
|
|
- ✅ Works entirely offline (no network calls)
|
|
- ✅ Requires zero credentials or API tokens
|
|
|
|
## What SafeExec Does NOT Do (v0.3.3)
|
|
|
|
The security review flagged these features - **all have been removed:**
|
|
|
|
❌ NO monitoring of chat sessions
|
|
❌ NO reading conversation history
|
|
❌ NO external network requests
|
|
❌ NO notifications to Feishu/webhooks
|
|
❌ NO background cron jobs
|
|
❌ NO GitHub monitoring
|
|
❌ NO credentials required
|
|
|
|
## Changes Made
|
|
|
|
### v0.3.2 (2026-02-26) - Cleaned Up
|
|
Deleted 21 files (4,309 lines):
|
|
- Removed all monitoring scripts (unified-monitor.sh, etc.)
|
|
- Removed all monitoring documentation
|
|
- Removed all external integration guides
|
|
- Removed Feishu/GitHub monitoring references
|
|
|
|
### v0.3.3 (2026-02-26) - Added Transparency
|
|
Added comprehensive metadata to SKILL.md:
|
|
|
|
```yaml
|
|
metadata:
|
|
openclaw:
|
|
network: false
|
|
monitoring: false
|
|
credentials: []
|
|
env: ["SAFE_EXEC_DISABLE", "OPENCLAW_AGENT_CALL", "SAFE_EXEC_AUTO_CONFIRM"]
|
|
writes: ["~/.openclaw/safe-exec/", "~/.openclaw/safe-exec-audit.log"]
|
|
```
|
|
|
|
Added "Security & Privacy" section clearly stating:
|
|
- What SafeExec does (local command interception)
|
|
- What SafeExec does NOT do (no monitoring, no network, no external services)
|
|
|
|
## Evidence
|
|
|
|
**Tags on GitHub:**
|
|
- v0.3.2: https://github.com/OTTTTTO/safe-exec/releases/tag/v0.3.2 (cleanup)
|
|
- v0.3.3: https://github.com/OTTTTTO/safe-exec/releases/tag/v0.3.3 (transparency)
|
|
|
|
**Documentation:**
|
|
- SKILL.md: https://github.com/OTTTTTO/safe-exec/blob/master/SKILL.md (with metadata)
|
|
- Security Response: https://github.com/OTTTTTO/safe-exec/blob/master/CLAWDHUB_SECURITY_RESPONSE.md
|
|
- CHANGELOG: https://github.com/OTTTTTO/safe-exec/blob/master/CHANGELOG.md#033---2026-02-26
|
|
|
|
## Why This Is a False Positive
|
|
|
|
The security review appears to be based on **v0.3.1 or earlier**, which included:
|
|
- unified-monitor.sh monitoring system
|
|
- Feishu notification integration
|
|
- GitHub issue monitoring
|
|
- External notification features
|
|
|
|
**These features have been 100% removed.** Current version (v0.3.3) is:
|
|
- Pure command approval tool
|
|
- Fully local (no network calls)
|
|
- Fully transparent (all capabilities declared)
|
|
- Fully audited (complete log trail)
|
|
|
|
## Request
|
|
|
|
Could you please:
|
|
|
|
1. **Review SafeExec v0.3.3** on GitHub to confirm all monitoring features are removed
|
|
|
|
2. **Remove the suspicious flag** as this is now a legitimate, transparent security tool
|
|
|
|
3. **OR** let me know what specific rules are still triggering so I can address them
|
|
|
|
Thank you for reviewing this appeal!
|
|
|
|
---
|
|
|
|
**Links:**
|
|
- Repo: https://github.com/OTTTTTO/safe-exec
|
|
- v0.3.3 Release: https://github.com/OTTTTTO/safe-exec/releases/tag/v0.3.3
|
|
- Full Appeal Document: https://github.com/OTTTTTO/safe-exec/blob/master/CLAWDHUB_APPEAL.md
|