chj0w0

Skill Safe Install

by 想开电动车 · GitHub ↗ · v2.0.1
cross-platform ⚠ suspicious
Downloads: 461 · Stars: 0 · Active Installs: 4 · Versions: 2
Install in OpenClaw
/install skill-safe-install
Description
Skills safe-install tool: combines three layers of verification (Vetter code review + ClawHub rating + ThreatBook sandbox scanning)
Usage Guidance
This skill appears to do what it says (local vetting + ClawHub rating + ThreatBook sandbox), but it will package and upload entire skill code to a third‑party service. Before installing, consider:
  1. Do not alias/overwrite your `clawhub` command system-wide until you’ve tested the script — that alias would make every install automatically upload code to ThreatBook.
  2. Review scripts/safe-install.mjs yourself to confirm exactly what is uploaded and whether temporary directories are cleaned.
  3. Be careful about placing sensitive or proprietary skills behind this flow; the tool warns not to upload secrets, but it is your responsibility to prevent that.
  4. The README suggests echoing the API key into ~/.openclaw/.env — ensure your runtime actually loads that file or export the env var in your shell/CI so the script can authenticate.
  5. Use --dry-run first and run the tool in a controlled environment (non-prod user) to observe behavior.
If you must use it in CI, restrict the scanned artifacts to non-sensitive samples or ensure ThreatBook usage complies with your privacy policies.
Capability Analysis
Type: OpenClaw Skill
Name: skill-safe-install
Version: 2.0.1
The skill's stated purpose is to enhance security by vetting other skills, which is benign. However, the `scripts/safe-install.mjs` script uses `child_process.execSync` to execute `clawhub` commands with user-provided `skillName` input. Although the `skillName` is double-quoted, this is insufficient to prevent shell injection if a malicious `skillName` contains crafted characters (e.g., `"; evil_command; echo "`). This constitutes a critical shell injection vulnerability (RCE risk) that could allow an attacker to execute arbitrary commands on the system, classifying the skill as suspicious despite its benevolent intent.
Capability Assessment
Purpose & Capability
Name/description match what the package does: it vets skill code, queries ClawHub for ratings, and uploads a packaged skill to ThreatBook for sandboxing. Required binaries (node, curl, tar, zip) and THREATBOOK_API_KEY are appropriate for the documented functionality.
Instruction Scope
The runtime instructions and the included script download the target skill via `clawhub install`, scan files locally, then package and upload the skill to the external ThreatBook sandbox. That behavior can leak entire skill source trees (possibly containing sensitive code or secrets). The README suggests aliasing/wrapping `clawhub install` in your shell to force-check every install, which would cause automatic uploads of all skills to the third-party sandbox. The SKILL.md also instructs writing the API key to ~/.openclaw/.env (which is not the same as exporting an env var), a potential operational mismatch.
Install Mechanism
There is no remote install step — the script is included in the skill bundle (scripts/safe-install.mjs), so nothing is fetched/installed from arbitrary URLs at install time. The script uses child_process/execSync to run clawhub and other shell commands, which is expected for a wrapper tool but increases runtime risk if invoked with elevated privileges or used as an automatic wrapper.
Credentials
The only required env var is THREATBOOK_API_KEY (primary credential), which is justified for uploading files to ThreatBook. However:
  1. Uploading skill archives to a third-party sandbox will transmit potentially sensitive code/data.
  2. The README suggests storing the key in ~/.openclaw/.env rather than exporting it; unless your runtime sources that file, the script may not see the key.
  3. The script runs `clawhub` commands which may require ClawHub credentials (CLAWHUB_TOKEN) in some environments—this token is mentioned only as optional in docs, but failure to authenticate could change behavior.
These are proportional to the stated purpose but present privacy/operational concerns.
Persistence & Privilege
The skill does not set always:true and does not auto-enable itself. However, SKILL.md recommends adding an alias/function to ~/.bashrc that overrides `clawhub` to route installs through this tool; if a user follows that, it effectively forces the tool into all install workflows and increases its blast radius. The skill itself does not automatically persist or modify other skills' configs, but the recommended integration pattern can create persistent, automatic behavior.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-safe-install
  3. After installation, invoke the skill by name or use /skill-safe-install
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.1
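v2.0.1 update: added Skill-Vetter code review as the first-layer check, integrating the three-layer verification flow; added the --auto automatic mode; unified the display of the review result summary; optimized the decision matrix and user experience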
v2.0.0
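v2.0 major update: added Skill-Vetter code review as the first-layer check, integrating the three-layer verification flow; added the --auto automatic mode; unified the display of the review result summary; optimized the decision matrix and user experience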
Metadata
Slug skill-safe-install
Version 2.0.1
License
All-time Installs 4
Active Installs 4
Total Versions 2
Frequently Asked Questions

What is Skill Safe Install?

Skills safe-install tool: combines three layers of verification (Vetter code review + ClawHub rating + ThreatBook sandbox scanning). It is an AI Agent Skill for Claude Code / OpenClaw, with 461 downloads so far.

How do I install Skill Safe Install?

Run "/install skill-safe-install" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Safe Install free?

Yes, Skill Safe Install is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Skill Safe Install support?

Skill Safe Install is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Skill Safe Install?

It is built and maintained by 想开电动车 (@chj0w0); the current version is v2.0.1.
