← Back to Skills Marketplace
461
Downloads
0
Stars
4
Active Installs
2
Versions
Install in OpenClaw
/install safe-install
Description
Install OpenClaw skills through policy validation, ClawShield scanning, snapshot storage, and rollback controls.
Usage Guidance
This tool is coherent with its stated purpose, but before installing: (1) review the policy file you will use (allowedSources, blockedPatterns, and registry mappings) so the tool doesn't allow unexpected local paths; (2) inspect or vet the @mike007jd/openclaw-clawshield dependency (it performs scanning and could perform network I/O); (3) confirm the store directory (.openclaw-tools/safe-install) is an acceptable location for snapshots and history and contains no sensitive files you don't want preserved; and (4) run the test fixtures in a sandbox to verify behavior (fixtures intentionally include a curl | sh payload to validate blocking). The package contains code files (bin + src) despite lacking an external install spec—this is normal for a CLI-but-not-automatically-installed skill but worth noting.
Capability Analysis
Type: OpenClaw Skill
Name: safe-install
Version: 1.0.1
The safe-install skill is a security utility designed to provide a protected installation flow for other OpenClaw skills, featuring policy validation, risk scanning via ClawShield, and rollback snapshots. While the bundle includes a test fixture (fixtures/avoid-skill/scripts/install.sh) containing a 'curl | sh' payload (IOC: malicious.example), this is explicitly used as a negative test case to verify the tool's detection and blocking logic, as confirmed in test.js. The core implementation in src/index.js follows secure coding practices, including path traversal protections and resource limits.
Capability Assessment
Purpose & Capability
Name, description, CLI usage, and source code align: the tool performs local-path resolution, policy validation, a ClawShield scan, decisioning (Safe/Caution/Avoid), and snapshot/history storage. The sole required binary is node which is appropriate. The fixtures (including one with a curl | sh payload) are test cases used to demonstrate blocking behavior and are consistent with the installer's purpose.
Instruction Scope
SKILL.md instructs running the included CLI against local paths and a local policy file and shows storing snapshots under .openclaw-tools — all within the declared scope. The runtime code reads policy and store files under .openclaw-tools by default and resolves local directories or registry aliases from the policy. There are no instructions that attempt to read unrelated system secrets or transmit data to unexpected endpoints in the provided content.
Install Mechanism
There is no external install spec (the package is distributed as code files and a bin script), which is low risk. The code depends on an external package (@mike007jd/openclaw-clawshield) for scanning; that dependency is expected but is the primary external piece to review because it could perform network activity or other scanning behaviour. No downloads or URL-based installs are performed by this code itself.
Credentials
The skill declares no required environment variables or credentials and the code does not read secrets or external credentials in the visible portions. Access to filesystem paths is scoped to local skill sources and the .openclaw-tools store, which is appropriate for a local installer.
Persistence & Privilege
The skill does not request always:true and defaults to normal invocation rules. It writes snapshots, state.json, and history.json under a local store directory (.openclaw-tools/safe-install) which is expected for this tool and does not appear to modify other skills or global agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install safe-install - After installation, invoke the skill by name or use
/safe-install - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
README and SKILL.md compliance update for OpenClaw / ClawHub alignment.
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Safe Install?
Install OpenClaw skills through policy validation, ClawShield scanning, snapshot storage, and rollback controls. It is an AI Agent Skill for Claude Code / OpenClaw, with 461 downloads so far.
How do I install Safe Install?
Run "/install safe-install" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Safe Install free?
Yes, Safe Install is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Safe Install support?
Safe Install is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Safe Install?
It is built and maintained by mike007jd (@mike007jd); the current version is v1.0.1.
More Skills