# Skills and exec tool


obtuse basin

On my setup, each session is sandbox isolated. I want to create a skill that will need to run a script via the exec tool. But I also want to disable the exec tool to prevent prompt injection from triggering unwanted commands. How can I achieve my goal?

silk fableBOT
# obtuse basin On my setup, each session is sandbox isolated. I want to create a skill that wil...
        // make sure your script + deps exist inside the sandbox image/setupCommand
      }
    }
  }
}

Then put the script inside the sandbox/workspace and have the skill run a fixed command with exec host=sandbox. That keeps the tool available, but prevents accidental fallback to gateway host execution. If sandbox mode is off, host=sandbox fails closed.

If the script must run on the real gateway/node host, don’t deny exec; tighten exec approvals instead:

{
  tools: {
    exec: {
      host: "gateway",        // or "node"
      security: "allowlist",
      ask: "on-miss",
      strictInlineEval: true
    }
  }
}

Then allowlist only the resolved script/binary path in ~/.openclaw/exec-approvals.json / Control UI → Exec approvals. Keep autoAllowSkills: false if you want strict explicit trust.

For prompt-injection resistance, also consider making the skill slash-command only:
user-invocable: true + disable-model-invocation: true, so the model doesn’t get encouraged to call it during arbitrary chat. But the real boundary is still tool policy + sandbox/exec approvals, not the skill text.

Docs:
https://docs.openclaw.ai/tools/exec
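As an added example (not OpenClaw's code and not part of the reply), a small lint for the two exec shapes described above: sandbox host, or host execution with allowlist plus approvals. It assumes ~/.openclaw/openclaw.json has already been parsed from JSON5 into a dict, and that the skill's user-invocable / disable-model-invocation flags are available as a dict.

```python
# Assumption: the config dict comes from a JSON5 parser (the file has // comments).
HOST_EXEC_REQUIRED = {
    "security": "allowlist",   # only allowlisted scripts/binaries may run
    "ask": "on-miss",          # anything not allowlisted prompts for approval
    "strictInlineEval": True,  # no inline-eval tricks around the allowlist
}


def audit_exec_policy(config: dict) -> list:
    """Return findings; an empty list means the policy matches a safe shape."""
    exec_cfg = config.get("tools", {}).get("exec")
    if exec_cfg is None:
        return ["tools.exec is unset; exec policy falls back to defaults"]
    host = exec_cfg.get("host")
    if host == "sandbox":
        return []  # fails closed when sandboxing is off; nothing more to tighten
    findings = []
    if host not in ("gateway", "node"):
        findings.append(f"tools.exec.host={host!r}: expected 'sandbox', 'gateway' or 'node'")
    for key, wanted in HOST_EXEC_REQUIRED.items():
        if exec_cfg.get(key) != wanted:
            findings.append(f"tools.exec.{key}={exec_cfg.get(key)!r}: expected {wanted!r}")
    return findings


def audit_skill_flags(skill_meta: dict) -> list:
    """Check the slash-command-only flags suggested for prompt-injection resistance."""
    findings = []
    if skill_meta.get("user-invocable") is not True:
        findings.append("user-invocable should be true so the skill stays a slash command")
    if skill_meta.get("disable-model-invocation") is not True:
        findings.append("disable-model-invocation should be true so the model is not nudged to call it")
    return findings


# Constructed samples: the weak shape (host exec with no policy keys) beside the corrected one.
WEAK_CONFIG = {"tools": {"exec": {"host": "gateway"}}}
SAFE_CONFIG = {"tools": {"exec": {"host": "gateway", "security": "allowlist",
                                  "ask": "on-miss", "strictInlineEval": True}}}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("safe", SAFE_CONFIG)):
        print(name, audit_exec_policy(cfg) or "OK")
```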

mortal haven

I have a question, please.

I am trying to create an agent workspace and a skill with a script. This Python script uses OpenAI to make some prompts,

like this example

from openAI import OpenAI
client = OpenAI(api_key=os.environ.get("OPENAI_API_KEY"))

When I run a test, OpenClaw tells me it can't find any OPENAI_API_KEY.

My OpenClaw is configured to use OpenAI as the main model. I want to know how to pass the OpenAI key directly to my Python script, or how to use the OpenAI model context directly as the LLM inside my script, since OpenClaw already uses OpenAI as the main model.

silk fableBOT
# mortal haven I have a question please I try to create an agent workspace and a skill with a ...

The OpenAI key used by OpenClaw for the agent is not automatically exported into Python scripts. A skill script is just a separate process, so it only sees environment variables that are passed to that process.

Two common fixes:

1. If the skill runs on the host
Add a per-skill env/apiKey entry in ~/.openclaw/openclaw.json:

{
  skills: {
    entries: {
      "your-skill-name": {
        enabled: true,
        env: {
          OPENAI_API_KEY: "sk-..."
        }
      }
    }
  }
}

import os
from openai import OpenAI

client = OpenAI(api_key=os.environ["OPENAI_API_KEY"])

Not from openAI import OpenAI.

You generally can’t “reuse the current OpenClaw model context” directly from inside a Python script. The clean choices are: let the agent do the prompting, or have the script call the provider API with its own API key/env.

Docs:
https://docs.openclaw.ai/tools/skills-config
https://docs.openclaw.ai/tools/skills
https://docs.openclaw.ai/gateway/sandboxing

If it still fails, first check openclaw --version, then run a tiny env test through the same skill path, e.g. print whether OPENAI_API_KEY exists without printing the secret.

mortal haven

I don't have the OpenClaw sandbox, and I configured the main OpenClaw model using OAuth; I don't pass them the API key.

silk fableBOT
# mortal haven i dont have openclaw sand box and i config the main openclaw model using oath i ...

That explains it: OAuth login for OpenClaw is not the same thing as an OPENAI_API_KEY.

If you configured OpenClaw with OpenAI/Codex OAuth, OpenClaw can use that auth internally for its own agent model route, but it does not export a usable OPENAI_API_KEY into your Python process. The normal Python SDK:

import os
from openai import OpenAI
client = OpenAI(api_key=os.environ["OPENAI_API_KEY"])

expects an OpenAI Platform API key, not OpenClaw’s stored OAuth session.

So you have two practical options:

  1. Use a real OpenAI Platform API key for the script
    Put it in OpenClaw config for the skill, since you are not sandboxed:
  2. Don’t call OpenAI from Python
    Let the OpenClaw agent do the LLM prompt itself, and have your script only handle deterministic work. This is the cleaner path if you want to keep using the OAuth/subscription auth you already configured.

There isn’t currently a simple “use OpenClaw’s current model context as a Python OpenAI SDK client” shortcut. OAuth-backed OpenClaw model auth and OPENAI_API_KEY are different auth paths.

Docs:
https://docs.openclaw.ai/providers/openai
https://docs.openclaw.ai/tools/skills-config

Also please check openclaw --version when testing this, because skill/env behavior has moved a bit across releases.

mortal haven

Because I need to use OpenAI in the middle of the Python script.

silk fableBOT
# mortal haven because i need to use openai in the middle of pyhton script

Got it. If you need the LLM call inside the Python script and you only have OpenClaw OAuth, use OpenClaw’s local OpenAI-compatible Gateway endpoint instead of api.openai.com.

That lets your Python script call OpenClaw, and OpenClaw uses its configured model/auth behind the scenes.

Enable the endpoint:

openclaw config set gateway.http.endpoints.chatCompletions.enabled true
openclaw gateway restart

Then call it from Python with the OpenAI SDK, but point base_url at your local Gateway:

import os
from openai import OpenAI

client = OpenAI(
    base_url="http://127.0.0.1:18789/v1",
    api_key=os.environ["OPENCLAW_GATEWAY_TOKEN"],  # gateway token, not OpenAI API key
)

response = client.chat.completions.create(
    model="openclaw/default",
    messages=[
        {"role": "user", "content": "Your prompt here"}
    ],
)

print(response.choices[0].message.content)

You can get/check the gateway token with:

openclaw config get gateway.auth.token

Don’t paste that token publicly. Treat it like an owner/operator secret for your Gateway.

If you prefer env names that existing OpenAI code expects, you can also set:

OPENAI_BASE_URL=http://127.0.0.1:18789/v1
OPENAI_API_KEY=<your OpenClaw gateway token>

Then your existing Python can use the OpenAI SDK normally, but it will call OpenClaw instead of OpenAI directly.
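An added example, not from the reply or from OpenClaw, of choosing between the two routes in a skill script so the Gateway token is only ever sent to the local Gateway and never to api.openai.com; it assumes the default 127.0.0.1:18789 endpoint and the env names used above, and supports the OPENAI_BASE_URL / OPENAI_API_KEY shortcut as well.

```python
import os
from urllib.parse import urlparse

# Assumptions (not from OpenClaw's docs): the Gateway listens on the default
# 127.0.0.1:18789 shown above and the env names are the ones the reply uses.
LOCAL_GATEWAY_URL = "http://127.0.0.1:18789/v1"
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}
OPENAI_HOST = "api.openai.com"


def resolve_llm_target(env: dict) -> dict:
    """Choose the credential and base_url for this script, or raise ValueError.

    'gateway' = OpenClaw's local OpenAI-compatible endpoint with the Gateway token;
    'openai'  = api.openai.com with a real OpenAI Platform API key.
    """
    gateway_token = env.get("OPENCLAW_GATEWAY_TOKEN")
    api_key = env.get("OPENAI_API_KEY")
    base_url = env.get("OPENAI_BASE_URL")
    if gateway_token and not base_url:
        base_url = LOCAL_GATEWAY_URL  # explicit Gateway token: default to the local Gateway
    host = urlparse(base_url).hostname if base_url else None

    if host in LOOPBACK_HOSTS:
        key = gateway_token or api_key  # the env-var shortcut puts the token in OPENAI_API_KEY
        if not key:
            raise ValueError("Gateway route: set OPENCLAW_GATEWAY_TOKEN")
        return {"route": "gateway", "base_url": base_url, "api_key": key}

    if host is None or host == OPENAI_HOST:
        if not api_key:
            raise ValueError("direct route: OPENAI_API_KEY must hold an OpenAI Platform API key")
        if gateway_token and api_key == gateway_token:
            # Gateway token copied into OPENAI_API_KEY while base_url still points at OpenAI.
            raise ValueError("refusing to send the Gateway token to api.openai.com")
        return {"route": "openai", "base_url": base_url, "api_key": api_key}

    # Any other host would receive a secret this script was not meant to share.
    raise ValueError(f"refusing to send credentials to unexpected host {host!r}")


def make_client(env=None):
    """Build an OpenAI SDK client for the resolved route (needs the openai package)."""
    target = resolve_llm_target(dict(os.environ if env is None else env))
    from openai import OpenAI  # lazy import: resolve_llm_target works without the SDK
    kwargs = {"api_key": target["api_key"]}
    if target["base_url"]:
        kwargs["base_url"] = target["base_url"]
    return OpenAI(**kwargs)
```

With a client from make_client(), the chat.completions.create call from the reply above works unchanged, using model "openclaw/default" on the gateway route.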

mortal haven

Then there isn't any way to use OpenAI directly instead of passing through base_url?

silk fableBOT
# mortal haven Then they dont have any way to use openai instead of passing troph base_url ?

Right: with OAuth/subscription auth, there is no normal OPENAI_API_KEY that your Python script can use against https://api.openai.com.

So the choices are:

  1. Direct OpenAI API from Python
    You need a real OpenAI Platform API key. Then no custom base_url is needed.

  2. Use your existing OpenClaw OAuth from Python
    You call the OpenClaw Gateway’s OpenAI-compatible endpoint, which means using base_url="http://127.0.0.1:18789/v1" and the Gateway token. OpenClaw then uses its configured OAuth/model behind the scenes.

  3. Avoid Python making the LLM call
    Let the OpenClaw agent do the prompt, and keep the Python script for the non-LLM logic.

If you want minimal code changes, set env vars before running the script: