← Back to Skills Marketplace
nmadeleidev

ClawJection

by Gregory Potemkin · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
103
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install clawjection
Description
Install and apply ClawJection bundles when a user asks to install a ClawJection, run a ClawJection, or configure an OpenClaw instance from a ClawJection repo...
README (SKILL.md)

ClawJection

Use this skill when the user asks you to install or run a ClawJection.

What ClawJection Is

ClawJection is a bundle format for modifying a local OpenClaw instance so it adopts a specific role or capability set.

A ClawJection bundle has:

  • a required clawjection.yaml
  • an entrypoint declared by that manifest
  • arbitrary bundle internals chosen by the bundle author

The entrypoint is expected to:

  • modify the OpenClaw workspace or local runtime
  • install tools, skills, or auth setup when needed
  • return a structured result JSON with ordered followups

Install Flow

  1. Get the bundle locally.
  2. Find the bundle root by locating clawjection.yaml.
  3. Read clawjection.yaml and resolve entrypoint.path.
  4. Run the entrypoint from the bundle root with the apply action.
  5. By default, let the entrypoint discover OpenClaw config from ~/.openclaw/openclaw.json.
  6. If needed, pass --openclaw-config-path \x3Cpath>.
  7. Treat stdout as agent-readable hints.
  8. Read the structured result JSON from CLAWJECTION_RESULT_PATH.
  9. Execute the returned ordered followups.

Source Types

Git repository

  • Clone the repo to a temporary local directory.
  • If the repo contains multiple bundles, choose the directory containing the intended clawjection.yaml.

Archive URL or local zip

  • Download or unpack it to a temporary local directory.
  • Identify the bundle root by locating clawjection.yaml.

Local directory

  • Use it directly if it contains clawjection.yaml.

Execution Rules

  • Run from the bundle root so relative paths in the bundle resolve correctly.
  • Do not assume the bundle layout beyond clawjection.yaml and the declared entrypoint.
  • If the bundle installs CLIs or skills, verify they were actually installed before claiming success.
  • If the result says needs_user_action, do not treat the setup as finished; perform the followups.

Safety

  • Review what the entrypoint appears to do before running untrusted bundles.
  • Tell the user when a bundle will overwrite core OpenClaw files such as IDENTITY.md.
  • Never claim a remote skill or CLI is installed unless the install command succeeded.
  • Keep secrets out of workspace files unless the bundle explicitly requires that behavior and the user agrees.

References

  • Read standard/v1.md in this repo for the full execution contract.
  • Read schemas/clawjection.schema.json and schemas/result.schema.json when you need the exact manifest or result structure.
Usage Guidance
This skill lets the agent download and execute arbitrary 'ClawJection' bundles that can modify your local OpenClaw runtime and install software. Before installing or using this skill, consider: 1) Only use bundles from sources you fully trust; 2) Require explicit, manual confirmation before running any bundle entrypoint or before applying any followups; 3) Inspect clawjection.yaml and the entrypoint code yourself (or in a sandbox) before execution; 4) Run bundle application inside an isolated VM/container or ephemeral environment with restricted network/filesystem access; 5) Back up ~/.openclaw/openclaw.json, IDENTITY.md, and other critical OpenClaw files before applying a bundle; 6) Be cautious with bundles that request or create CLAWJECTION_RESULT_PATH or other env vars — the SKILL.md references CLAWJECTION_RESULT_PATH but does not declare it; 7) Prefer signed or provenance-verified bundles and add limits on followup actions (never execute followups automatically). If you need this capability but want safer behavior, ask the skill author to: declare required env vars and file accesses, require interactive confirmation for destructive or persistent changes, document a trust/provenance model, and recommend sandboxing steps.
Capability Analysis
Type: OpenClaw Skill Name: clawjection Version: 1.0.0 The skill defines a framework for the AI agent to download, unpack, and execute arbitrary code ('entrypoints') from remote Git repositories or URLs via the 'ClawJection' format. While it includes a safety section advising the agent to review code, the core logic in SKILL.md instructs the agent to run external scripts and perform 'ordered followups' dictated by untrusted third-party manifests (clawjection.yaml). This creates a significant risk of Remote Code Execution (RCE) and unauthorized environment modification by design.
Capability Assessment
Purpose & Capability
Name/description and the SKILL.md are aligned: this skill is a policy/instruction set for installing and applying ClawJection bundles. The actions described (locating clawjection.yaml, running an entrypoint, modifying OpenClaw workspace, installing tools/skills) are expected for this purpose. However, the capability implies executing arbitrary bundle code and modifying local runtime state — a significant escalation that should be explicit and constrained by trust or sandboxing controls.
Instruction Scope
The instructions direct the agent to clone or download arbitrary repos/archives, run the bundle's entrypoint from the bundle root (which may execute arbitrary commands), read local config (~/.openclaw/openclaw.json) by default, read a structured result from CLAWJECTION_RESULT_PATH, and then execute returned ordered 'followups'. There is no required explicit step enforcing user confirmation, sandboxing, or limiting followup actions. The agent is told to treat stdout as hints and to execute followups — this grants broad discretion and potential for unintended changes or exfiltration.
Install Mechanism
No install spec or code files are present (instruction-only), which lowers the formal install risk surface. The primary risk arises from the runtime behavior described in SKILL.md (downloading/running bundle entrypoints), not from any packaged install process.
Credentials
requires.env and primary credential are empty, but the instructions implicitly require access to local OpenClaw configuration (~/.openclaw/openclaw.json) and rely on CLAWJECTION_RESULT_PATH for results (this environment variable is referenced but not declared). The skill may need network access, filesystem write permission, and the ability to invoke installers — none of which are scoped or restricted. That mismatch between declared requirements and the actual environment/file access is concerning.
Persistence & Privilege
always:false (normal), but the skill explicitly instructs running bundle entrypoints that can install CLIs/skills or modify core OpenClaw files (e.g., IDENTITY.md). Although the skill does not itself request permanent presence, it provides a mechanism to install persistent components into the agent environment and to run arbitrary followups, which is a significant privilege. No safeguards require user approval for persistent changes.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawjection
  3. After installation, invoke the skill by name or use /clawjection
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the clawjection skill. - Supports installing and applying ClawJection bundles from Git repositories, archives, or local directories. - Handles ClawJection install flow, including discovering the bundle, running the entrypoint, and processing results. - Ensures safety by notifying users about changes to core files and requiring verification of installations. - Executes ordered follow-up actions based on the bundle output.
Metadata
Slug clawjection
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is ClawJection?

Install and apply ClawJection bundles when a user asks to install a ClawJection, run a ClawJection, or configure an OpenClaw instance from a ClawJection repo... It is an AI Agent Skill for Claude Code / OpenClaw, with 103 downloads so far.

How do I install ClawJection?

Run "/install clawjection" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ClawJection free?

Yes, ClawJection is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ClawJection support?

ClawJection is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ClawJection?

It is built and maintained by Gregory Potemkin (@nmadeleidev); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments