← Back to Skills Marketplace
shindo957-official

openclaw-plus

by Shindo957-Official · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
812
Downloads
2
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-plus
Description
A modular super-skill combining developer and web capabilities. Use when the user needs Python execution, package management, git operations, URL fetching, o...
Usage Guidance
This skill is internally consistent with its advertised purpose: it runs Python, installs packages (pip/apt), manipulates git repos, and makes network requests. Those are exactly the powerful operations you should expect. Before enabling or allowing autonomous use, consider: 1) Run it in a sandbox or throwaway environment if you plan to allow package installs or arbitrary code execution; 2) Be careful about committing files to git — review content for secrets before committing; 3) System package installs require sudo and can change the host; avoid on sensitive machines; 4) Don’t supply sensitive credentials unless necessary and only pass them directly to the call_api call (the skill does not automatically read env secrets); 5) If you plan to allow autonomous invocation, restrict scope or monitor runs because the skill can modify disk, install packages, and call external URLs. If you want a safer posture, enable the skill only for user-invoked sessions and review the implementation.py source before use.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-plus Version: 1.0.0 The skill provides powerful developer and web automation capabilities, including arbitrary Python code execution, package installation (with `sudo` for system packages), git operations, and network requests. While these capabilities are aligned with its stated purpose, the `scripts/implementation.py` file exhibits significant vulnerabilities. Specifically, the `install_package` function (especially with `system=True` using `sudo apt-get`) and `git_commit` directly pass unsanitized user-provided strings to `subprocess.run`, creating clear shell injection and arbitrary command execution risks. The `run_python` function also executes arbitrary Python code without explicit sandboxing within the skill itself. These are critical vulnerabilities that could lead to Remote Code Execution and Privilege Escalation if user input or agent instructions are not rigorously sanitized by the OpenClaw environment, classifying the skill as suspicious rather than benign. There is no evidence of intentional malicious behavior (e.g., pre-programmed data exfiltration or backdoors).
Capability Assessment
Purpose & Capability
The name/description (developer + web capabilities) align with the included documentation and implementation. The skill implements run_python, install_package, git_status, git_commit, fetch_url, and call_api as advertised. There are no unrelated required env vars or unexpected capabilities declared.
Instruction Scope
SKILL.md and the implementation permit arbitrary Python execution, pip/apt package installation, writing files, running git commands, and making network requests. Those actions are consistent with the stated purpose, but they grant broad filesystem, process, and network access (creating files, modifying repos, installing system packages, contacting arbitrary URLs). The instructions do not attempt to read unrelated secrets or special system config paths, but they do allow creating/committing files and running arbitrary code supplied at runtime.
Install Mechanism
There is no install spec (instruction-only skill) and all code is bundled in the package. No external download/install-from-URL steps are present. The reference implementation runs local subprocesses (pip, apt, git) but does not fetch or execute remote installers as part of an install script.
Credentials
The skill does not request environment variables or credentials in manifest metadata. The implementation supports passing auth tokens/headers to API calls but does not automatically read or require env secrets. That said, the skill instructs use of sudo apt-get (system package installs) and pip with --break-system-packages, which are high-impact operations for the host system — this is proportionate to the advertised 'install system packages' capability but is powerful and potentially disruptive.
Persistence & Privilege
always is false and the skill does not request persistent system-wide configuration changes. It can run autonomously (disable-model-invocation is false) which is the platform default; combined with the skill's broad capabilities this increases operational risk if you allow autonomous runs, but autonomous invocation alone is expected for skills.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-plus
  3. After installation, invoke the skill by name or use /openclaw-plus
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of openclaw-plus: a unified super-skill for developer and web automation tasks. - Run Python scripts with environment management and output/error capture. - Install Python (pip/conda/system) packages with dependency handling. - Check git repository status and view recent changes. - Commit code changes with support for good commit message practices. - Fetch web content from URLs with robust error handling and content parsing. - Make API calls (REST, GraphQL) with authentication and response validation. - Designed to enable powerful, modular workflows combining code, version control, and web/API interactions.
Metadata
Slug openclaw-plus
Version 1.0.0
License
All-time Installs 1
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is openclaw-plus?

A modular super-skill combining developer and web capabilities. Use when the user needs Python execution, package management, git operations, URL fetching, o... It is an AI Agent Skill for Claude Code / OpenClaw, with 812 downloads so far.

How do I install openclaw-plus?

Run "/install openclaw-plus" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is openclaw-plus free?

Yes, openclaw-plus is completely free (open-source). You can download, install and use it at no cost.

Which platforms does openclaw-plus support?

openclaw-plus is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created openclaw-plus?

It is built and maintained by Shindo957-Official (@shindo957-official); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments