← Back to Skills Marketplace
zququ

CHIS/CHISF

by Zephyr Ray · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
451
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install chis-chisf
Description
Standardized skill install workflow using short aliases (chis/chisf) with force + force-install + workspace-aware lookup.
README (SKILL.md)

CHIS / CHISF

A lightweight skill to standardize how we install/manage OpenClaw skills.

Core idea

  • chis \x3Cslug> [workdir] [version] = install a skill from ClawHub.
  • chisf \x3Cslug> [workdir] [version] = force-install when the package is flagged/requires overwrite.
  • clawhub inspect \x3Cslug> = inspect before install (recommended for validation).
  • Always run installs with explicit workdir and skills dir to avoid path confusion.

Default workdir in examples: /Users/zququ/.openclaw/workspace.

Default command mapping

1) Standard install

clawhub install \x3Cslug> --workdir /Users/zququ/.openclaw/workspace --dir skills --version \x3Cversion>
  • Omit --version for latest.
  • If no version argument, installs latest available.

2) Force install

clawhub install \x3Cslug> --force --workdir /Users/zququ/.openclaw/workspace --dir skills --version \x3Cversion>

Use this when:

  • package is flagged as suspicious
  • overwrite behavior is required

3) Inspect before install (recommended)

clawhub inspect \x3Cslug>

4) Verify

clawhub list --workdir /Users/zququ/.openclaw/workspace --dir skills

CHIS aliases

Use these shortcuts in practice:

  • chis \x3Cslug> → same as standard install in default workspace.
  • chisf \x3Cslug> → same as force install in default workspace.
  • If needed, set your session path context and explicitly pass an alternate path:
    • chis --workdir /alt/path \x3Cslug>
    • chisf --workdir /alt/path \x3Cslug>

Failure handling

  1. If Rate limit exceeded: retry after a few minutes.
  2. If command fails due to path mismatch: ensure you are checking with same --workdir and --dir skills used during install.
  3. If package not found: confirm correct slug via clawhub search \x3Ckeyword>.

Safe defaults for this environment

  • Use:

    • --workdir /Users/zququ/.openclaw/workspace
    • --dir skills

  • Already-known working example:

clawhub install proactive-agent --force --workdir /Users/zququ/.openclaw/workspace --dir skills

Notes

  • CHISF is a human-facing label I use for force-install style operations.
  • Keep all install actions explicit and repeatable; never rely on default working dir.
  • Failure handling
    • If install fails, run clawhub inspect \x3Cslug> --workdir /Users/zququ/.openclaw/workspace --dir skills for a quick pre-check.
    • If it still fails due to environment mismatch, re-run with explicit --workdir /Users/zququ/.openclaw/workspace and --dir skills (never rely on implicit defaults).
  • For suspected API/service issues (e.g., rate limit exceeded), prefer 10–20 minute pause and retry.
  • If rate limit persists, use the local fallback installer: /Users/zququ/.local/bin/clawhub-install-safe --force \x3Cslug> \x3Cworkdir> (or without --force when not needed) before switching to another approach.
  • Keep the same --workdir and --dir skills/registry context when re-running.
Usage Guidance
This skill is essentially a shortcut for running 'clawhub' install/inspect commands, but there are a few red flags to consider before installing or running it: - Verify you have and trust the 'clawhub' binary. The skill assumes clawhub exists but the metadata does not declare it. If you install this skill, ensure 'clawhub' is the expected, official tool on your system. - Be cautious about the advice to use --force on 'flagged' packages. Force-installing packages that are flagged as suspicious bypasses safety checks and can install malicious code; prefer to inspect packages and understand why they were flagged before forcing installation. - The script and docs use a hard-coded home path (/Users/zququ/...). Update the default workdir to a path appropriate for your machine or always pass an explicit --workdir to avoid accidental writes to an unexpected location. - The SKILL.md mentions a local fallback binary (/Users/zququ/.local/bin/clawhub-install-safe). If such a binary exists on your system, inspect it before running it — do not execute unknown local binaries without review. If you want to use this skill: (1) edit the script or wrapper to remove or replace hard-coded paths, (2) add 'clawhub' to the declared required binaries, and (3) avoid blindly following the recommendation to force-install flagged packages. These changes would make the skill much more trustworthy.
Capability Analysis
Type: OpenClaw Skill Name: chis-chisf Version: 1.0.2 The skill is classified as suspicious due to a direct command execution instruction found in SKILL.md. Specifically, the markdown instructs the AI agent to execute a local binary at `/Users/zququ/.local/bin/clawhub-install-safe` as a fallback installer. While this action is presented within the context of skill installation, it represents a significant prompt injection risk, as it directs the agent to run an arbitrary local executable based on markdown content. The `scripts/chis-chisf.sh` script, while using safer argument passing to `clawhub`, still wraps commands that handle user-controlled input, relying on the security of the `clawhub` binary itself.
Capability Assessment
Purpose & Capability
The skill's stated purpose is to standardize installs via clawhub, but the metadata declares no required binaries while both SKILL.md and the included shell script assume the 'clawhub' command (and optionally a local fallback at /Users/zququ/.local/bin/clawhub-install-safe). The absence of 'clawhub' in required binaries is an incoherence.
Instruction Scope
Instructions are limited to running clawhub install/inspect, which matches the purpose, but they also (a) hard-code an author-specific default workdir (/Users/zququ/.openclaw/workspace), and (b) explicitly recommend using --force to install packages even when 'flagged as suspicious', which encourages bypassing safety checks and is a policy risk.
Install Mechanism
No install spec — this is an instruction-only skill with a simple included bash script. There are no downloads or archive extracts, so the install mechanism itself is low-risk and consistent with the stated function.
Credentials
The skill does not request credentials or environment variables, which is proportional. However, it references specific filesystem paths in examples and a local fallback binary path that are tied to the packager's home directory; this is unusual and could cause accidental writes or execution in unexpected locations.
Persistence & Privilege
The skill does not request permanent presence (always is false) and is user-invocable. It does not modify other skills or system configuration in its instructions; persistence/privilege demands are reasonable.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install chis-chisf
  3. After installation, invoke the skill by name or use /chis-chisf
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Clarify rate-limit fallback + publish retry guidance.
v1.0.1
Updated failure handling and rate-limit fallback guidance.
v1.0.0
Standardize workspace-aware skill install workflow with chis/chisf aliases.
Metadata
Slug chis-chisf
Version 1.0.2
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is CHIS/CHISF?

Standardized skill install workflow using short aliases (chis/chisf) with force + force-install + workspace-aware lookup. It is an AI Agent Skill for Claude Code / OpenClaw, with 451 downloads so far.

How do I install CHIS/CHISF?

Run "/install chis-chisf" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is CHIS/CHISF free?

Yes, CHIS/CHISF is completely free (open-source). You can download, install and use it at no cost.

Which platforms does CHIS/CHISF support?

CHIS/CHISF is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created CHIS/CHISF?

It is built and maintained by Zephyr Ray (@zququ); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments