← 返回 Skills 市场
ClawJection
作者
Gregory Potemkin
· GitHub ↗
· v1.0.0
· MIT-0
103
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install clawjection
功能描述
Install and apply ClawJection bundles when a user asks to install a ClawJection, run a ClawJection, or configure an OpenClaw instance from a ClawJection repo...
使用说明 (SKILL.md)
ClawJection
Use this skill when the user asks you to install or run a ClawJection.
What ClawJection Is
ClawJection is a bundle format for modifying a local OpenClaw instance so it adopts a specific role or capability set.
A ClawJection bundle has:
- a required
clawjection.yaml - an entrypoint declared by that manifest
- arbitrary bundle internals chosen by the bundle author
The entrypoint is expected to:
- modify the OpenClaw workspace or local runtime
- install tools, skills, or auth setup when needed
- return a structured result JSON with ordered
followups
Install Flow
- Get the bundle locally.
- Find the bundle root by locating
clawjection.yaml. - Read
clawjection.yamland resolveentrypoint.path. - Run the entrypoint from the bundle root with the
applyaction. - By default, let the entrypoint discover OpenClaw config from
~/.openclaw/openclaw.json. - If needed, pass
--openclaw-config-path \x3Cpath>. - Treat stdout as agent-readable hints.
- Read the structured result JSON from
CLAWJECTION_RESULT_PATH. - Execute the returned ordered
followups.
Source Types
Git repository
- Clone the repo to a temporary local directory.
- If the repo contains multiple bundles, choose the directory containing the intended
clawjection.yaml.
Archive URL or local zip
- Download or unpack it to a temporary local directory.
- Identify the bundle root by locating
clawjection.yaml.
Local directory
- Use it directly if it contains
clawjection.yaml.
Execution Rules
- Run from the bundle root so relative paths in the bundle resolve correctly.
- Do not assume the bundle layout beyond
clawjection.yamland the declared entrypoint. - If the bundle installs CLIs or skills, verify they were actually installed before claiming success.
- If the result says
needs_user_action, do not treat the setup as finished; perform thefollowups.
Safety
- Review what the entrypoint appears to do before running untrusted bundles.
- Tell the user when a bundle will overwrite core OpenClaw files such as
IDENTITY.md. - Never claim a remote skill or CLI is installed unless the install command succeeded.
- Keep secrets out of workspace files unless the bundle explicitly requires that behavior and the user agrees.
References
- Read
standard/v1.mdin this repo for the full execution contract. - Read
schemas/clawjection.schema.jsonandschemas/result.schema.jsonwhen you need the exact manifest or result structure.
安全使用建议
This skill lets the agent download and execute arbitrary 'ClawJection' bundles that can modify your local OpenClaw runtime and install software. Before installing or using this skill, consider: 1) Only use bundles from sources you fully trust; 2) Require explicit, manual confirmation before running any bundle entrypoint or before applying any followups; 3) Inspect clawjection.yaml and the entrypoint code yourself (or in a sandbox) before execution; 4) Run bundle application inside an isolated VM/container or ephemeral environment with restricted network/filesystem access; 5) Back up ~/.openclaw/openclaw.json, IDENTITY.md, and other critical OpenClaw files before applying a bundle; 6) Be cautious with bundles that request or create CLAWJECTION_RESULT_PATH or other env vars — the SKILL.md references CLAWJECTION_RESULT_PATH but does not declare it; 7) Prefer signed or provenance-verified bundles and add limits on followup actions (never execute followups automatically). If you need this capability but want safer behavior, ask the skill author to: declare required env vars and file accesses, require interactive confirmation for destructive or persistent changes, document a trust/provenance model, and recommend sandboxing steps.
功能分析
Type: OpenClaw Skill
Name: clawjection
Version: 1.0.0
The skill defines a framework for the AI agent to download, unpack, and execute arbitrary code ('entrypoints') from remote Git repositories or URLs via the 'ClawJection' format. While it includes a safety section advising the agent to review code, the core logic in SKILL.md instructs the agent to run external scripts and perform 'ordered followups' dictated by untrusted third-party manifests (clawjection.yaml). This creates a significant risk of Remote Code Execution (RCE) and unauthorized environment modification by design.
能力评估
Purpose & Capability
Name/description and the SKILL.md are aligned: this skill is a policy/instruction set for installing and applying ClawJection bundles. The actions described (locating clawjection.yaml, running an entrypoint, modifying OpenClaw workspace, installing tools/skills) are expected for this purpose. However, the capability implies executing arbitrary bundle code and modifying local runtime state — a significant escalation that should be explicit and constrained by trust or sandboxing controls.
Instruction Scope
The instructions direct the agent to clone or download arbitrary repos/archives, run the bundle's entrypoint from the bundle root (which may execute arbitrary commands), read local config (~/.openclaw/openclaw.json) by default, read a structured result from CLAWJECTION_RESULT_PATH, and then execute returned ordered 'followups'. There is no required explicit step enforcing user confirmation, sandboxing, or limiting followup actions. The agent is told to treat stdout as hints and to execute followups — this grants broad discretion and potential for unintended changes or exfiltration.
Install Mechanism
No install spec or code files are present (instruction-only), which lowers the formal install risk surface. The primary risk arises from the runtime behavior described in SKILL.md (downloading/running bundle entrypoints), not from any packaged install process.
Credentials
requires.env and primary credential are empty, but the instructions implicitly require access to local OpenClaw configuration (~/.openclaw/openclaw.json) and rely on CLAWJECTION_RESULT_PATH for results (this environment variable is referenced but not declared). The skill may need network access, filesystem write permission, and the ability to invoke installers — none of which are scoped or restricted. That mismatch between declared requirements and the actual environment/file access is concerning.
Persistence & Privilege
always:false (normal), but the skill explicitly instructs running bundle entrypoints that can install CLIs/skills or modify core OpenClaw files (e.g., IDENTITY.md). Although the skill does not itself request permanent presence, it provides a mechanism to install persistent components into the agent environment and to run arbitrary followups, which is a significant privilege. No safeguards require user approval for persistent changes.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install clawjection - 安装完成后,直接呼叫该 Skill 的名称或使用
/clawjection触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the clawjection skill.
- Supports installing and applying ClawJection bundles from Git repositories, archives, or local directories.
- Handles ClawJection install flow, including discovering the bundle, running the entrypoint, and processing results.
- Ensures safety by notifying users about changes to core files and requiring verification of installations.
- Executes ordered follow-up actions based on the bundle output.
元数据
常见问题
ClawJection 是什么?
Install and apply ClawJection bundles when a user asks to install a ClawJection, run a ClawJection, or configure an OpenClaw instance from a ClawJection repo... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 103 次。
如何安装 ClawJection?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawjection」即可一键安装,无需额外配置。
ClawJection 是免费的吗?
是的,ClawJection 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
ClawJection 支持哪些平台?
ClawJection 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ClawJection?
由 Gregory Potemkin(@nmadeleidev)开发并维护,当前版本 v1.0.0。
推荐 Skills