← 返回 Skills 市场
CHIS/CHISF
作者
Zephyr Ray
· GitHub ↗
· v1.0.2
451
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install chis-chisf
功能描述
Standardized skill install workflow using short aliases (chis/chisf) with force + force-install + workspace-aware lookup.
使用说明 (SKILL.md)
CHIS / CHISF
A lightweight skill to standardize how we install/manage OpenClaw skills.
Core idea
chis \x3Cslug> [workdir] [version]= install a skill from ClawHub.chisf \x3Cslug> [workdir] [version]= force-install when the package is flagged/requires overwrite.clawhub inspect \x3Cslug>= inspect before install (recommended for validation).- Always run installs with explicit workdir and skills dir to avoid path confusion.
Default workdir in examples: /Users/zququ/.openclaw/workspace.
Default command mapping
1) Standard install
clawhub install \x3Cslug> --workdir /Users/zququ/.openclaw/workspace --dir skills --version \x3Cversion>
- Omit
--versionfor latest. - If no version argument, installs latest available.
2) Force install
clawhub install \x3Cslug> --force --workdir /Users/zququ/.openclaw/workspace --dir skills --version \x3Cversion>
Use this when:
- package is flagged as suspicious
- overwrite behavior is required
3) Inspect before install (recommended)
clawhub inspect \x3Cslug>
4) Verify
clawhub list --workdir /Users/zququ/.openclaw/workspace --dir skills
CHIS aliases
Use these shortcuts in practice:
chis \x3Cslug>→ same as standard install in default workspace.chisf \x3Cslug>→ same as force install in default workspace.- If needed, set your session path context and explicitly pass an alternate path:
chis --workdir /alt/path \x3Cslug>chisf --workdir /alt/path \x3Cslug>
Failure handling
- If
Rate limit exceeded: retry after a few minutes. - If command fails due to path mismatch: ensure you are checking with same
--workdirand--dir skillsused during install. - If package not found: confirm correct slug via
clawhub search \x3Ckeyword>.
Safe defaults for this environment
-
Use:
--workdir /Users/zququ/.openclaw/workspace--dir skills
-
Already-known working example:
clawhub install proactive-agent --force --workdir /Users/zququ/.openclaw/workspace --dir skills
Notes
CHISFis a human-facing label I use for force-install style operations.- Keep all install actions explicit and repeatable; never rely on default working dir.
- Failure handling
- If install fails, run
clawhub inspect \x3Cslug> --workdir /Users/zququ/.openclaw/workspace --dir skillsfor a quick pre-check. - If it still fails due to environment mismatch, re-run with explicit
--workdir /Users/zququ/.openclaw/workspaceand--dir skills(never rely on implicit defaults).
- If install fails, run
- For suspected API/service issues (e.g., rate limit exceeded), prefer 10–20 minute pause and retry.
- If rate limit persists, use the local fallback installer:
/Users/zququ/.local/bin/clawhub-install-safe --force \x3Cslug> \x3Cworkdir>(or without--forcewhen not needed) before switching to another approach. - Keep the same
--workdirand--dir skills/registry context when re-running.
安全使用建议
This skill is essentially a shortcut for running 'clawhub' install/inspect commands, but there are a few red flags to consider before installing or running it:
- Verify you have and trust the 'clawhub' binary. The skill assumes clawhub exists but the metadata does not declare it. If you install this skill, ensure 'clawhub' is the expected, official tool on your system.
- Be cautious about the advice to use --force on 'flagged' packages. Force-installing packages that are flagged as suspicious bypasses safety checks and can install malicious code; prefer to inspect packages and understand why they were flagged before forcing installation.
- The script and docs use a hard-coded home path (/Users/zququ/...). Update the default workdir to a path appropriate for your machine or always pass an explicit --workdir to avoid accidental writes to an unexpected location.
- The SKILL.md mentions a local fallback binary (/Users/zququ/.local/bin/clawhub-install-safe). If such a binary exists on your system, inspect it before running it — do not execute unknown local binaries without review.
If you want to use this skill: (1) edit the script or wrapper to remove or replace hard-coded paths, (2) add 'clawhub' to the declared required binaries, and (3) avoid blindly following the recommendation to force-install flagged packages. These changes would make the skill much more trustworthy.
功能分析
Type: OpenClaw Skill
Name: chis-chisf
Version: 1.0.2
The skill is classified as suspicious due to a direct command execution instruction found in SKILL.md. Specifically, the markdown instructs the AI agent to execute a local binary at `/Users/zququ/.local/bin/clawhub-install-safe` as a fallback installer. While this action is presented within the context of skill installation, it represents a significant prompt injection risk, as it directs the agent to run an arbitrary local executable based on markdown content. The `scripts/chis-chisf.sh` script, while using safer argument passing to `clawhub`, still wraps commands that handle user-controlled input, relying on the security of the `clawhub` binary itself.
能力评估
Purpose & Capability
The skill's stated purpose is to standardize installs via clawhub, but the metadata declares no required binaries while both SKILL.md and the included shell script assume the 'clawhub' command (and optionally a local fallback at /Users/zququ/.local/bin/clawhub-install-safe). The absence of 'clawhub' in required binaries is an incoherence.
Instruction Scope
Instructions are limited to running clawhub install/inspect, which matches the purpose, but they also (a) hard-code an author-specific default workdir (/Users/zququ/.openclaw/workspace), and (b) explicitly recommend using --force to install packages even when 'flagged as suspicious', which encourages bypassing safety checks and is a policy risk.
Install Mechanism
No install spec — this is an instruction-only skill with a simple included bash script. There are no downloads or archive extracts, so the install mechanism itself is low-risk and consistent with the stated function.
Credentials
The skill does not request credentials or environment variables, which is proportional. However, it references specific filesystem paths in examples and a local fallback binary path that are tied to the packager's home directory; this is unusual and could cause accidental writes or execution in unexpected locations.
Persistence & Privilege
The skill does not request permanent presence (always is false) and is user-invocable. It does not modify other skills or system configuration in its instructions; persistence/privilege demands are reasonable.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install chis-chisf - 安装完成后,直接呼叫该 Skill 的名称或使用
/chis-chisf触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Clarify rate-limit fallback + publish retry guidance.
v1.0.1
Updated failure handling and rate-limit fallback guidance.
v1.0.0
Standardize workspace-aware skill install workflow with chis/chisf aliases.
元数据
常见问题
CHIS/CHISF 是什么?
Standardized skill install workflow using short aliases (chis/chisf) with force + force-install + workspace-aware lookup. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 451 次。
如何安装 CHIS/CHISF?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install chis-chisf」即可一键安装,无需额外配置。
CHIS/CHISF 是免费的吗?
是的,CHIS/CHISF 完全免费(开源免费),可自由下载、安装和使用。
CHIS/CHISF 支持哪些平台?
CHIS/CHISF 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 CHIS/CHISF?
由 Zephyr Ray(@zququ)开发并维护,当前版本 v1.0.2。
推荐 Skills