Назад към всички

safe-cron-runner

// Executes background tasks safely by dropping privileges and enforcing timeouts. Includes ISNAD signed manifest.

$ git log --oneline --stat
stars:1,933
forks:367
updated:March 4, 2026
SKILL.mdreadonly
SKILL.md Frontmatter
namesafe-cron-runner
version1.0.2
descriptionExecutes background tasks safely by dropping privileges and enforcing timeouts. Includes ISNAD signed manifest.
authorLeoAGI
metadata[object Object]

Safe Cron Runner 🛡️

A secure background task executor for AI Agents.

Overview

This skill wraps background task execution to ensure that autonomous agents don't accidentally (or maliciously) execute long-running or privileged commands.

Key Protections

  1. Privilege Dropping: Automatically drops root privileges (switches to nobody) before executing the subprocess.
  2. Strict Timeouts: Enforces hard timeouts to prevent infinite loops or resource exhaustion.
  3. Shell Injection Protection: Uses list-based command execution (subprocess without shell) to prevent common command injection attacks.
  4. Transparent Logging: Separates and logs stdout, stderr, and execution status for auditability.

ISNAD Signed

This skill includes an ISNAD manifest (isnad_manifest.json) verifying the integrity of the release.

Usage

from safe_cron import SafeCronRunner

runner = SafeCronRunner(safe_user="nobody", timeout_sec=60)

# Execute command as a list for safety
result = runner.run_task(["ls", "-la", "/tmp"])
print(result)