← Back to Skills Marketplace
Skill Safe Install
by
halfmoon82
· GitHub ↗
· v2.2.0
· MIT-0
812
Downloads
0
Stars
5
Active Installs
2
Versions
Install in OpenClaw
/install skill-safe-install-l0
Description
L0 级技能安全安装流程。触发“安装技能/安全安装/审查权限”时,强制执行 Step0-5(查重→检索→审查→沙箱→正式安装→白名单)。
Usage Guidance
This skill implements a reasonable secure-install workflow, but review these points before installing: (1) Confirm you accept the hardcoded trusted-author whitelist (halfmoon82 / deepeye) — those skills will skip risk review. (2) The instructions edit ~/.openclaw/openclaw.json using jq; ensure you (or the agent) explicitly authorize Step 5 and that backups are retained. (3) Ensure the runtime environment actually has clawhub, jq, mktemp, cp, mv available — the skill metadata does not declare these dependencies. (4) Consider running the sandbox install commands manually first to validate behavior, and verify that any automated consent/whitelist write is logged and reversible. If you need higher assurance, request the author to (a) declare required binaries/config paths in metadata and (b) make the trust whitelist configurable rather than hardcoded.
Capability Analysis
Type: OpenClaw Skill
Name: skill-safe-install-l0
Version: 2.2.0
This skill implements a 'Safe Install' workflow that includes a hardcoded whitelist in SKILL.md, exempting specific authors (halfmoon82, deepeye) from security inspections. It also automates the modification of the core configuration file (~/.openclaw/openclaw.json) to add skills to the 'allowBundled' list, which grants them persistent trusted status. While framed as a security utility, the bypass mechanism for a large list of specific skills and the automated editing of system configurations pose a risk of unauthorized privilege escalation for those authors' software.
Capability Assessment
Purpose & Capability
The skill's name and description align with the runtime instructions: it enforces a 6-step install workflow (duplicate check, search, inspect, sandbox, install, whitelist). However it hardcodes a first‑party trust whitelist (authors halfmoon82 / deepeye) that exempts those skills from risk review — this is a governance decision that could legitimately exist but must be consciously accepted by operators.
Instruction Scope
The SKILL.md instructs the agent to read and modify the user's OpenClaw config (~/.openclaw/openclaw.json) (backup + jq edits). It also requires running system commands (clawhub, mktemp, jq, cp, mv) and performing installs in an isolated workdir. Those file-path modifications and command executions are within the skill's stated purpose, but modifying the agent's config is a sensitive action and the SKILL.md relies on a user consent step — ensure that consent is enforced and auditable.
Install Mechanism
This is instruction-only (no install spec, no code files), which is lowest install risk. Still, the instructions assume presence of specific CLI tools (clawhub, jq, mktemp) even though the skill declares no required binaries; that's an operational mismatch to be aware of.
Credentials
The skill declares no required env vars or config paths, yet the runtime instructions explicitly read and write ~/.openclaw/openclaw.json and rely on jq and clawhub. The implicit requirement to edit the agent's config and to run external binaries is not reflected in the declared metadata — a proportionality mismatch that should be fixed or acknowledged.
Persistence & Privilege
The skill can cause persistent changes by appending skills to the allowBundled whitelist. The SKILL.md states Step 5 requires explicit user authorization, which mitigates risk. It does not set always:true, and it does not request autonomous always-on privileges — but modifying the agent config is a powerful action and should only be allowed after clear, logged consent.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install skill-safe-install-l0 - After installation, invoke the skill by name or use
/skill-safe-install-l0 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.2.0
Add first-party trusted skill whitelist
v2.1.0
L0关键词强制触发,修复沙箱流程,补充中英文文档
Metadata
Frequently Asked Questions
What is Skill Safe Install?
L0 级技能安全安装流程。触发“安装技能/安全安装/审查权限”时,强制执行 Step0-5(查重→检索→审查→沙箱→正式安装→白名单)。 It is an AI Agent Skill for Claude Code / OpenClaw, with 812 downloads so far.
How do I install Skill Safe Install?
Run "/install skill-safe-install-l0" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Safe Install free?
Yes, Skill Safe Install is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill Safe Install support?
Skill Safe Install is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Skill Safe Install?
It is built and maintained by halfmoon82 (@halfmoon82); the current version is v2.2.0.
More Skills