skill_install

Install OpenClaw skills from clawhub.ai ZIP files with automatic detection, validation, and Gateway updates. Supports file search, duplicate checking, and in...

This package appears to do what it claims, but the installer code has two practical safety issues you should consider before running it on a production machine: - Zip path traversal (zip-slip): the script calls zipfile.extractall() without sanitizing member paths. A malicious ZIP could include filenames like ../../etc/passwd or absolute paths and cause files to be written outside the intended temp folder. Always inspect ZIP contents before running (e.g., unzip -l my-skill.zip) and verify member paths. - Predictable temp dir and copy semantics: the script extracts to a fixed /tmp/openclaw_skill_temp and then uses shutil.copytree to overwrite the skills directory. An attacker on the same system could exploit the predictable temp path (symlink/TOCTOU). Also installing untrusted ZIPs as root can overwrite system-wide files. Recommendations: - Only install skill ZIPs from trusted sources and inspect their contents first (list files, check for .. or absolute paths, review scripts inside). - Run the installer as a non-root user and avoid running on production systems; prefer a sandbox or VM for initial testing. - Consider patching the script to use a secure temporary directory (tempfile.mkdtemp), validate/normalize zip paths before extraction, and refuse entries with absolute paths or '..' components. - Backup OpenClaw installation or test in a disposable environment before installing. If you can share the specific ZIP(s) you intend to install or run the script in a controlled environment, confidence in safety could be raised after verifying those archives and/or fixing the extraction logic.

Type: OpenClaw Skill Name: skillinstall Version: 1.0.0 The skill installer is designed to manage OpenClaw skills, performing file system operations and executing system commands. It is classified as 'suspicious' due to a critical ZIP Slip vulnerability in `scripts/skill_install.py` where `zipfile.ZipFile.extractall()` is used without path sanitization. This flaw could allow a malicious ZIP file to write arbitrary files outside the intended temporary directory, potentially leading to remote code execution or system compromise if the script is run with sufficient privileges. While this is a severe vulnerability, there is no clear evidence of intentional malicious behavior (e.g., data exfiltration, backdoor installation) designed by the skill itself, aligning it with the 'suspicious' rather than 'malicious' classification as per the provided guidelines.