Downloads: 121
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install normieclaw-full-stack
Description
Every NormieClaw skill in one download. 34 production-tested OpenClaw skills covering productivity, finance, health, education, content creation, and more. I...
Usage Guidance
This bundle contains a lot of local scripts and many SKILL.md files — treat it as untrusted code until you verify it. Before installing:
1) Verify provenance: who published it, are there checksums or a signed release, is there an official homepage or Git repo?
2) Inspect the top-level SKILL.md and each SETUP-PROMPT block for any hidden/injected content (look for the flagged phrases and for invisible unicode chars).
3) Do NOT paste the provided setup block into a production agent chat or run it on your main workstation without review — that block asks the agent to execute filesystem operations; run similar steps yourself manually in a sandbox if you decide to proceed.
4) Run the code in an isolated environment (VM or container) or on a throwaway account first; check scripts for any network calls, remote endpoints, or commands that might overwrite critical files.
5) Search the repository for suspicious patterns (curl/wget to external hosts, base64/decode/exec, git remote add, ssh, scp, rsync, nc/socat) and review any scripts that will be executed by the agent (shell scripts and python scripts).
6) If you want this package but don't trust the bundle, extract only the individual skills you need and audit them separately.
Additional information that would raise confidence: a known publisher/homepage, cryptographic signatures or checksums, or an independent security audit for the full bundle.
Capability Analysis
Type: OpenClaw Skill
Name: normieclaw-full-stack
Version: 1.0.0
The NormieClaw Full Stack bundle is a comprehensive and well-architected collection of 34 skills that follow high security standards for the OpenClaw ecosystem. The package includes robust defensive measures, such as explicit prompt-injection defense instructions in every SKILL.md file and the use of restrictive file permissions (chmod 600/700 and umask 077) in setup scripts like health-buddy-pro/scripts/health-buddy-init.sh. Python and Bash scripts utilize path canonicalization and strict regex-based input validation (e.g., hireme-pro/scripts/generate-resume-pdf.sh and party-planner-pro/scripts/export-plan.sh) to prevent path traversal. All network activities, such as SEC EDGAR checks, are purpose-aligned and transparent, while PDF generation scripts (docuscan/scripts/generate-pdf.py) explicitly disable JavaScript and block non-local requests to prevent exfiltration. No malicious intent or critical vulnerabilities were identified.
Capability Assessment
Purpose & Capability
The package name and description match the delivered contents: it's a single archive bundling 34 distinct NormieClaw skills, each with its own SKILL.md, scripts, and dashboard kit. Requesting no credentials and no special binaries is consistent with a local-only toolset. The scope (many different sub-skills, local JSON data, dashboard templates, and shell/python scripts) is large but coherent with a 'full stack' bundle—however, the absence of provenance (unknown source, no homepage) makes the large bundle suspicious from a trust/provenance perspective.
Instruction Scope
The provided SETUP-PROMPT explicitly tells users to paste a block into their agent chat that runs a sequence of shell commands (find/cp/mkdir/chmod/etc). That installation mechanism asks the agent to perform filesystem operations and set permissions — reasonable for installing local skills but risky if you don't trust the source or the agent. The top-level SKILL.md also contained prompt-injection patterns flagged by the scanner (e.g., 'ignore-previous-instructions', 'you-are-now' and unicode control chars), which indicates the instructions themselves may attempt to influence agent behavior. Some sub-skill SKILL.md files contain explicit prompt-injection defenses (good), but the presence of injection markers at the package level is a red flag.
Install Mechanism
There is no remote install step (no downloads from external URLs) which reduces risk from arbitrary remote code fetch. The install flow is instruction-only: copying files from the bundle into your agent workspace and creating data directories. That is low on direct supply-chain concerns but still writes many files into your workspace and includes executable scripts (shell and Python) that could be run by the agent or by you. The 'find ... -exec cp' pattern used in SETUP-PROMPT is unusual (copies matching files from anywhere in the filesystem tree into the skills folder) and could overwrite or pull in unexpected files if misused.
Credentials
The registry metadata declares no required environment variables or credentials, and most per-skill SECURITY.md files claim local-only operation. That is appropriate for the described functionality. However, some templates and manifests (dashboard/database schemas, supabase-server template) reference DB concepts and local hosting — they may prompt you later to configure external services. No direct env/secret exfiltration markers were declared, but lack of provenance increases risk if later manual setup steps request credentials.
Persistence & Privilege
The skill is not marked 'always:true' and uses the platform-default for autonomous invocation. Installing this bundle will place many skills and executable scripts in your workspace (persistent files) which increases attack surface; the package does not request system-wide privileges explicitly. The main risk is the agent being instructed (or persuaded via injected prompts) to run those scripts or copy/overwrite files — not the metadata's privilege flags themselves.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install normieclaw-full-stack
- After installation, invoke the skill by name or use /normieclaw-full-stack
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial publish from NormieClaw.ai
Frequently Asked Questions
What is NormieClaw Full Stack?
Every NormieClaw skill in one download. 34 production-tested OpenClaw skills covering productivity, finance, health, education, content creation, and more. I... It is an AI Agent Skill for Claude Code / OpenClaw, with 121 downloads so far.
How do I install NormieClaw Full Stack?
Run "/install normieclaw-full-stack" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is NormieClaw Full Stack free?
Yes, NormieClaw Full Stack is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does NormieClaw Full Stack support?
NormieClaw Full Stack is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created NormieClaw Full Stack?
It is built and maintained by Nollio (@nollio); the current version is v1.0.0.