← Back to Skills Marketplace
dongyulin89

Skill Install Guard

by dongyulin89 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
373
Downloads
1
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install skill-install-guard
Description
安全拦截型技能,确保安装任何技能前都经过 skill-vetter 的安全审查,输出审查报告并要求用户明确确认,禁止私自安装。
Usage Guidance
This skill is internally consistent with its purpose and doesn't request extra credentials, but before enabling it: 1) confirm how your skill-vetter implementation behaves — ensure any 'online review' option does not upload code or secrets to an untrusted endpoint; 2) verify clawhub and skill-vetter are trusted tools on your system (they will be invoked and may access the network); 3) be aware it will read local workspace skill folders and may record install decisions to agent memory—avoid vetting sensitive/private repos unless you trust the vetter; and 4) test the workflow with a harmless skill to confirm it truly halts installation until you explicitly confirm.
Capability Analysis
Type: OpenClaw Skill Name: skill-install-guard Version: 1.0.0 The skill-install-guard bundle is a defensive security utility designed to intercept skill installation commands and enforce a mandatory security review process. It utilizes a secondary tool (skill-vetter) to analyze code for risks and requires explicit user confirmation before executing any installation via 'clawhub install'. The logic in SKILL.md is transparent, focuses on safety and user consent, and contains no evidence of malicious intent, data exfiltration, or unauthorized execution.
Capability Assessment
Purpose & Capability
The name/description (an install-time vetting guard) matches the instructions: intercept install intent, run checks with skill-vetter, produce a report, request explicit user confirmation, then call clawhub install. It does not request unrelated credentials or privileged OS access.
Instruction Scope
Instructions legitimately read skill files (local workspace), call clawhub info/install, clone or download remote repos for review, and may write an install history to memory. These actions are appropriate for a vetting guard, but the doc also references an 'online review' mode for skill-vetter which could upload skill code or metadata to an external service — that is not spelled out and could leak sensitive code if enabled.
Install Mechanism
Instruction-only skill with no install spec and no bundled code. Nothing is written to disk by the skill itself beyond optional recordings to memory; any downloading/cloning is tied to vetting remote skills (expected).
Credentials
The skill declares no environment variables, credentials, or config paths. The SKILL.md does instruct reading local workspace skill folders and optional memory files (reasonable for vetting). There are no unexplained secret requests.
Persistence & Privilege
always is false and there is no attempt to persist self-enabled configuration outside optional install-history entries in memory. It does not request elevated or cross-skill configuration changes.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-install-guard
  3. After installation, invoke the skill by name or use /skill-install-guard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
skill-install-guard v1.0.0 - New initial release of a security enforcement skill for installing other skills. - Intercepts all install requests, pauses the action, and performs security audits via skill-vetter before installation proceeds. - Outputs detailed safety review reports and strictly requires explicit user confirmation before installing. - Disallows all unapproved or automatic installs; no installation happens without an explicit "yes". - Supports scenarios like batch install attempts, third-party sources, and skill updates, always enforcing the security workflow.
Metadata
Slug skill-install-guard
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Skill Install Guard?

安全拦截型技能,确保安装任何技能前都经过 skill-vetter 的安全审查,输出审查报告并要求用户明确确认,禁止私自安装。 It is an AI Agent Skill for Claude Code / OpenClaw, with 373 downloads so far.

How do I install Skill Install Guard?

Run "/install skill-install-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Install Guard free?

Yes, Skill Install Guard is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Install Guard support?

Skill Install Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skill Install Guard?

It is built and maintained by dongyulin89 (@dongyulin89); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments