Remote Skill Engine

Cache and use skills from ClawHub and GitHub as if locally installed. Stores remote skills in local cache folder for offline use.

This skill implements exactly what it advertises — caching remote skills — but it does so in a risky way. Things to consider before installing: - The scripts disable TLS certificate verification when downloading remote files. That allows man-in-the-middle attackers to substitute malicious code. Do not run these scripts in production or on machines with sensitive data unless you fix the SSL behavior. - The tool downloads arbitrary scripts and marks them executable, then symlinks them into your agent's skills folder. That means untrusted upstream code can become a locally runnable skill. Only cache skills from repositories and authors you trust; inspect SKILL.md and any scripts before caching. - The skill calls external CLIs (clawhub, gh, date, python3) that are not declared in the metadata. Ensure those tools exist and you understand what credentials they use (e.g., GH tokens) before running. - The documentation references management scripts that are missing from the package; expect incomplete features. Recommended mitigations: - Do not run this on a host with sensitive credentials or production data. Run it in a disposable sandbox or container. - Patch the code to re-enable TLS verification (remove ssl.CERT_NONE usage) and consider verifying content integrity (checksums or git commit IDs) before making files executable. - Manually review remote SKILL.md and any downloaded scripts before caching; prefer using signed releases or pinned git SHAs rather than guessed raw URLs. - If you need this functionality, restrict auto-sync and remove any auto-execution behaviors; require explicit manual approval for each cached update. If you want, I can produce a patched version of the download functions that enforce TLS verification and add safety checks (e.g., prompt for approval, validate file types, compute & verify checksums) or a checklist for safely using this skill.

Type: OpenClaw Skill Name: remote-skill-engine Version: 1.0.0 The 'remote-skill-engine' skill is highly suspicious due to critical vulnerabilities that enable arbitrary code execution and Man-in-the-Middle (MITM) attacks. The `scripts/cache-skill.py` script allows downloading skills from arbitrary URLs (including `github://` and `https://` direct links), makes downloaded scripts executable, and then symlinks the entire cached skill directory into the agent's active `skills/` path, effectively treating any remote skill as a fully trusted local skill. This creates a severe supply chain risk. Compounding this, `scripts/cache-skill.py`, `scripts/execute-remote-skill.py`, and `scripts/fetch-skill.py` explicitly disable SSL certificate verification (`ctx.verify_mode = ssl.CERT_NONE`), making all remote content fetches vulnerable to MITM attacks, allowing an attacker to inject malicious code or instructions without detection.