oki3505f

Remote Skill Engine

by om yarewara · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 613
Stars: 2
Active Installs: 2
Versions: 1
Install in OpenClaw
/install remote-skill-engine
Description
Cache and use skills from ClawHub and GitHub as if locally installed. Stores remote skills in local cache folder for offline use.
Usage Guidance
This skill implements exactly what it advertises — caching remote skills — but it does so in a risky way. Things to consider before installing:
- The scripts disable TLS certificate verification when downloading remote files. That allows man-in-the-middle attackers to substitute malicious code. Do not run these scripts in production or on machines with sensitive data unless you fix the SSL behavior.
- The tool downloads arbitrary scripts and marks them executable, then symlinks them into your agent's skills folder. That means untrusted upstream code can become a locally runnable skill. Only cache skills from repositories and authors you trust; inspect SKILL.md and any scripts before caching.
- The skill calls external CLIs (clawhub, gh, date, python3) that are not declared in the metadata. Ensure those tools exist and you understand what credentials they use (e.g., GH tokens) before running.
- The documentation references management scripts that are missing from the package; expect incomplete features.
Recommended mitigations:
- Do not run this on a host with sensitive credentials or production data. Run it in a disposable sandbox or container.
- Patch the code to re-enable TLS verification (remove ssl.CERT_NONE usage) and consider verifying content integrity (checksums or git commit IDs) before making files executable.
- Manually review remote SKILL.md and any downloaded scripts before caching; prefer using signed releases or pinned git SHAs rather than guessed raw URLs.
- If you need this functionality, restrict auto-sync and remove any auto-execution behaviors; require explicit manual approval for each cached update.
If you want, I can produce a patched version of the download functions that enforce TLS verification and add safety checks (e.g., prompt for approval, validate file types, compute & verify checksums) or a checklist for safely using this skill.
Capability Analysis
Type: OpenClaw Skill
Name: remote-skill-engine
Version: 1.0.0
The 'remote-skill-engine' skill is highly suspicious due to critical vulnerabilities that enable arbitrary code execution and Man-in-the-Middle (MITM) attacks. The `scripts/cache-skill.py` script allows downloading skills from arbitrary URLs (including `github://` and `https://` direct links), makes downloaded scripts executable, and then symlinks the entire cached skill directory into the agent's active `skills/` path, effectively treating any remote skill as a fully trusted local skill. This creates a severe supply chain risk.
Compounding this, `scripts/cache-skill.py`, `scripts/execute-remote-skill.py`, and `scripts/fetch-skill.py` explicitly disable SSL certificate verification (`ctx.verify_mode = ssl.CERT_NONE`), making all remote content fetches vulnerable to MITM attacks, allowing an attacker to inject malicious code or instructions without detection.
Capability Assessment
Purpose & Capability
The skill's name/description match its behavior: it fetches SKILL.md and related files, caches them, and symlinks them into the local skills folder so they behave like installed skills. However, the implementation calls external CLIs (clawhub, gh, date, python3) and expects a skills/ layout, none of which is declared in the metadata; several workflows reference additional scripts (update-cached-skills.sh, sync-skill.sh, cache-stats.sh, etc.) that are mentioned in SKILL.md but are not present in the file manifest.
Instruction Scope
The runtime instructions and included scripts instruct the agent (or a user) to fetch arbitrary SKILL.md and scripts from remote repos and store them locally, set executables, and symlink them into the agent's skills directory. That expands the agent's attack surface by allowing unvetted remote code to become local skills. execute-remote-skill.py prints SKILL.md and encourages executing commands from the downloaded skill; cache-skill.py sets downloaded scripts to 0o755, enabling execution. SKILL.md also suggests auto-syncing and auto-executing workflows which could cause repeated unverified downloads/updates.
Install Mechanism
There is no install spec, but multiple provided scripts download raw files from constructed URLs (raw.githubusercontent.com and guessed ClawHub patterns). The download functions intentionally disable TLS verification (ssl.CERT_NONE, check_hostname=False) in multiple scripts, which is a high-risk practice because it permits man-in-the-middle injection of arbitrary content. The skill writes fetched files to disk and marks scripts executable, so a network attacker or a malicious upstream repo could deliver executable code.
Credentials
The registry metadata declares no required environment variables or credentials, but the scripts call the 'gh' and 'clawhub' CLIs and may rely on GitHub tokens or CLI configuration for richer searches; these CLIs and any tokens are not declared. The skill does network I/O to arbitrary URLs and caches content locally; although it doesn't explicitly request secrets, the lack of declared auth coupled with disabled SSL verification increases the risk that credentials (if used elsewhere) or other sensitive data could be exposed via MITM or by inadvertently caching a skill that exfiltrates data when later executed.
Persistence & Privilege
The skill creates persistent files and a symlink into the agent's skills directory (~/.openclaw/workspace/skills), installing remote code into the agent's runtime area. While not set to always:true, this ability to add or replace skills persistently means it can expand the agent's capabilities by introducing unvetted code. The skill modifies the agent's skills directory (a cross-skill config area), which is a higher-privilege action than merely storing its own config.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install remote-skill-engine
  3. After installation, invoke the skill by name or use /remote-skill-engine
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Cache and use skills from ClawHub/GitHub as if locally installed. Includes batch caching, offline mode, auto-symlink to skills folder.
Metadata
Slug remote-skill-engine
Version 1.0.0
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Remote Skill Engine?

Cache and use skills from ClawHub and GitHub as if locally installed. Stores remote skills in local cache folder for offline use. It is an AI Agent Skill for Claude Code / OpenClaw, with 613 downloads so far.

How do I install Remote Skill Engine?

Run "/install remote-skill-engine" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Remote Skill Engine free?

Yes, Remote Skill Engine is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Remote Skill Engine support?

Remote Skill Engine is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Remote Skill Engine?

It is built and maintained by om yarewara (@oki3505f); the current version is v1.0.0.
