pig-gua

Skill Shop Client

by 呱仔 · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
275
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install skill-shop
Description
Skill shop client: query online skills and download and install skill packages in one step.
Usage Guidance
This package does what it claims (query a skill store and install skill archives), but it contains risky behaviors you should weigh before installing or running it:
- Unsafe archive extraction: zipfile.extractall and tarfile.extractall are called with no checks on member names. For tar this is the classic path-traversal problem: a member whose name contains ".." components, or a symlink entry followed by a file written through it, lets a crafted archive write anywhere the process can write. CPython's zipfile strips ".." components and absolute prefixes on extraction, so the zip path is less exposed, but the code itself validates nothing. Treat downloads as untrusted data.
- Hardcoded install path: it writes to /root/.openclaw/workspace/skills/, which assumes the process runs as root and that this layout exists. Run as a non-privileged user and change SKILLS_DIR to a safer location.
- No integrity checks: downloaded packages are not validated (no signatures or checksums). An attacker controlling the shop endpoint can supply malicious packages.
- External commands: RAR extraction invokes the system 'unrar' binary, so a third-party parser runs against attacker-controlled input and any bug in it becomes part of this skill's attack surface.
Recommendations before use:
- Only point SHOP_BASE_URL at a shop you control and trust (the default is localhost). Verify the server endpoint and run it in a secure environment.
- Don't run this as root. Change SKILLS_DIR to a dedicated non-root directory you control.
- Add or require package signatures/checksums and validate them before extraction, not after.
- Replace extractall with per-member extraction that rejects "..", absolute paths and link entries before writing. On Python 3.12+ (and the 3.8 to 3.11 releases that backported it), tarfile.extractall(filter='data') performs these checks for tar archives; zipfile has no equivalent filter.
- Audit any skill package you install before executing it.
Given these issues, treat the skill as suspicious until the extraction and path/config practices are fixed, or until you can audit the shop and the packages it will download.
Capability Analysis
Type: OpenClaw Skill
Name: skill-shop
Version: 1.0.1
The skill bundle is a 'Skill Shop' client that downloads, extracts, and installs executable code from a local server (127.0.0.1:8080) into a hardcoded root-owned directory (/root/.openclaw/workspace/skills/). It is exposed to path-traversal attacks (ZipSlip and its tar equivalent) because main.py extracts ZIP/TAR archives with extractall and no member-path checks, and it then grants execute permission (chmod 755) to the downloaded scripts without any signature verification or integrity check. These are critical flaws that could lead to arbitrary code execution, but there is no clear evidence of intentional malice or data exfiltration.
Capability Assessment
Purpose & Capability
The code implements the advertised functionality (list/search/install skills from a shop). Dependencies (requests, python) match the purpose. However the install target is hardcoded to /root/.openclaw/workspace/skills/, which is surprising (assumes root and a specific filesystem layout) and should be configurable rather than baked into the script.
Instruction Scope
The script downloads arbitrary skill packages from SHOP_BASE_URL and extracts them to disk. Extraction uses zipfile.extractall and tarfile.extractall without path sanitization, which is vulnerable to zip-slip / tar path-traversal and can overwrite arbitrary files. It may also invoke system 'unrar'. The SKILL.md does not warn about these risks, nor does the code validate signatures/checksums or restrict allowed paths.
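The Usage Guidance and Instruction Scope sections both describe the same defect: extractall() run on untrusted archives with no member checks, followed by chmod 755, with no integrity check before any of it. The block below is an added example written for this listing, not code from skill-shop or its author. It shows one hardened replacement for that install step next to the pattern the analysis flags. Two things are assumed rather than taken from the project: that the shop publishes a sha256 for each package (the real shop has no such field, so install_package's expected_sha256 parameter is hypothetical), and that the skills directory is a parameter instead of the hardcoded /root/... path. The archives it runs against are constructed inside the block.

```python
"""Added example, not code from skill-shop: a hardened replacement for its
extractall()-then-chmod-755 install step. Assumed, not from the project: the
shop publishes a sha256 per package, and the skills directory is a parameter."""
from __future__ import annotations
import hashlib
import hmac
import io
import os
import shutil
import tarfile
import tempfile
from pathlib import Path, PurePosixPath

class UnsafeArchive(ValueError): """A package, or a member of one, that must not be written."""

def _safe_target(dest: Path, name: str) -> Path:
    """Map a member name under dest; refuse anything that could escape it."""
    parts = PurePosixPath(name).parts
    if not parts or name.startswith(("/", "\\")) or "\\" in name or ".." in parts:
        raise UnsafeArchive(f"rejected member name {name!r}")
    target = dest.joinpath(*parts)
    real = Path(os.path.realpath(target))  # also catches a symlinked parent directory
    if real != dest and dest not in real.parents:
        raise UnsafeArchive(f"{name!r} resolves outside {dest}")
    return target

def safe_extract_tar(data: bytes, dest: Path) -> list[str]:
    """Extract member by member instead of handing the archive to extractall()."""
    dest = Path(os.path.realpath(dest))
    written: list[str] = []
    with tarfile.open(fileobj=io.BytesIO(data)) as tf:
        for m in tf:
            if not (m.isfile() or m.isdir()):  # symlinks, hardlinks, devices, fifos
                raise UnsafeArchive(f"non-regular entry {m.name!r}")
            target = _safe_target(dest, m.name)
            if m.isdir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with tf.extractfile(m) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
            os.chmod(target, 0o644)  # no blanket chmod 755; decide executability after audit
            written.append(m.name)
    return written

def install_package(data: bytes, expected_sha256: str, skills_dir: Path) -> list[str]:
    """Integrity first, parsing second: unverified bytes never reach tarfile."""
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256.strip().lower()):
        raise UnsafeArchive("sha256 mismatch; package rejected")
    return safe_extract_tar(data, skills_dir)

def extractall_as_shipped(data: bytes, dest: Path) -> None:
    """The pattern the analysis flags: extractall() with no member checks."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tf:
        try:
            tf.extractall(dest, filter="fully_trusted")  # legacy behaviour, made explicit
        except TypeError:  # Python < 3.12 has no filter argument; legacy is its default
            tf.extractall(dest)

def build_tar(files: dict[str, bytes], symlink: tuple[str, str] | None = None) -> bytes:
    """Constructed fixture standing in for a shop package; not real data."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, payload in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
        if symlink:
            link = tarfile.TarInfo(symlink[0])
            link.type, link.linkname = tarfile.SYMTYPE, symlink[1]
            tf.addfile(link)
    return buf.getvalue()

def _rejected(action) -> bool:
    try:
        action()
        return False
    except UnsafeArchive:
        return True

def demo() -> dict:
    """Shipped vs hardened extraction in a throwaway directory; returns what happened."""
    root = Path(os.path.realpath(tempfile.mkdtemp()))
    dest, out = root / "skills", {}
    clean = build_tar({"skill-shop/SKILL.md": b"# demo\n", "skill-shop/main.py": b"print(1)\n"})
    evil = build_tar({"../escaped.txt": b"pwned\n"})
    link = build_tar({}, symlink=("skill-shop", "/etc"))
    try:
        out["clean_written"] = install_package(clean, hashlib.sha256(clean).hexdigest(), dest)
        out["tampered_rejected"] = _rejected(lambda: install_package(clean, "00" * 32, dest))
        extractall_as_shipped(evil, dest)  # the member lands in root/, one level above dest
        out["shipped_escaped"] = (root / "escaped.txt").read_bytes() == b"pwned\n"
        out["hardened_rejected"] = [_rejected(lambda a=a: safe_extract_tar(a, dest)) for a in (evil, link)]
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return out
```

demo() returns a dict you can inspect: the shipped extractall() call drops escaped.txt one directory above the skills directory, while safe_extract_tar refuses both the ".." member and the symlink entry before writing anything, and install_package refuses a package whose sha256 does not match. The same _safe_target check applies unchanged to zip members (ZipInfo.filename), although CPython's zipfile already strips ".." and absolute prefixes on extract; on Python 3.12+ tarfile.extractall(filter='data') covers most of what safe_extract_tar does for tar. Every file is written 0o644; marking a script executable is a decision to take after auditing it, not a default.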
Install Mechanism
There is no separate installer (instruction-only plus an included main.py). No external install URLs are used; downloads are performed at runtime from SHOP_BASE_URL (default localhost). The lack of an install spec is low risk on its own, but runtime downloads/extraction introduce higher risk as noted above.
Credentials
The skill requests no credentials or env vars, which aligns with its stated purpose. However it requires write access to a hardcoded root-owned path and uses /tmp for extraction; this implicit requirement (root write access) is not declared in metadata and is disproportionate to a general client tool.
Persistence & Privilege
The 'always' flag is false and the skill does not modify other skills' configuration. Installing downloaded skill packages into the skills directory is expected behavior for a store client. The capability to drop arbitrary files into the skills directory increases the blast radius but is consistent with the stated function.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-shop
  3. After installation, invoke the skill by name or use /skill-shop
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Fixed a release issue
v1.0.0
Initial release
Metadata
Slug skill-shop
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Skill Shop Client?

Skill Shop Client is a skill store client that lets you query online skills and download and install skill packages in one step. It is an AI Agent Skill for Claude Code / OpenClaw, with 275 downloads so far.

How do I install Skill Shop Client?

Run "/install skill-shop" in the OpenClaw or Claude Code chat to install it in one step. Before running it, read the Usage Guidance above: the script writes to a hardcoded root-owned path (SKILLS_DIR) and defaults SHOP_BASE_URL to localhost, and both settings deserve review first.

Is Skill Shop Client free?

Yes, Skill Shop Client is free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Shop Client support?

Skill Shop Client is listed as cross-platform and runs anywhere OpenClaw / Claude Code is available, but its hardcoded install path (/root/.openclaw/workspace/skills/) and its reliance on the system 'unrar' binary assume a Linux-style layout.

Who created Skill Shop Client?

It is built and maintained by 呱仔 (@pig-gua); the current version is v1.0.1.
