← 返回 Skills 市场
mike007jd

Safe Install

作者 mike007jd · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ✓ 安全检测通过
461
总下载
0
收藏
4
当前安装
2
版本数
在 OpenClaw 中安装
/install safe-install
功能描述
Install OpenClaw skills through policy validation, ClawShield scanning, snapshot storage, and rollback controls.
安全使用建议
This tool is coherent with its stated purpose, but before installing: (1) review the policy file you will use (allowedSources, blockedPatterns, and registry mappings) so the tool doesn't allow unexpected local paths; (2) inspect or vet the @mike007jd/openclaw-clawshield dependency (it performs scanning and could perform network I/O); (3) confirm the store directory (.openclaw-tools/safe-install) is an acceptable location for snapshots and history and contains no sensitive files you don't want preserved; and (4) run the test fixtures in a sandbox to verify behavior (fixtures intentionally include a curl | sh payload to validate blocking). The package contains code files (bin + src) despite lacking an external install spec—this is normal for a CLI-but-not-automatically-installed skill but worth noting.
功能分析
Type: OpenClaw Skill Name: safe-install Version: 1.0.1 The safe-install skill is a security utility designed to provide a protected installation flow for other OpenClaw skills, featuring policy validation, risk scanning via ClawShield, and rollback snapshots. While the bundle includes a test fixture (fixtures/avoid-skill/scripts/install.sh) containing a 'curl | sh' payload (IOC: malicious.example), this is explicitly used as a negative test case to verify the tool's detection and blocking logic, as confirmed in test.js. The core implementation in src/index.js follows secure coding practices, including path traversal protections and resource limits.
能力评估
Purpose & Capability
Name, description, CLI usage, and source code align: the tool performs local-path resolution, policy validation, a ClawShield scan, decisioning (Safe/Caution/Avoid), and snapshot/history storage. The sole required binary is node which is appropriate. The fixtures (including one with a curl | sh payload) are test cases used to demonstrate blocking behavior and are consistent with the installer's purpose.
Instruction Scope
SKILL.md instructs running the included CLI against local paths and a local policy file and shows storing snapshots under .openclaw-tools — all within the declared scope. The runtime code reads policy and store files under .openclaw-tools by default and resolves local directories or registry aliases from the policy. There are no instructions that attempt to read unrelated system secrets or transmit data to unexpected endpoints in the provided content.
Install Mechanism
There is no external install spec (the package is distributed as code files and a bin script), which is low risk. The code depends on an external package (@mike007jd/openclaw-clawshield) for scanning; that dependency is expected but is the primary external piece to review because it could perform network activity or other scanning behaviour. No downloads or URL-based installs are performed by this code itself.
Credentials
The skill declares no required environment variables or credentials and the code does not read secrets or external credentials in the visible portions. Access to filesystem paths is scoped to local skill sources and the .openclaw-tools store, which is appropriate for a local installer.
Persistence & Privilege
The skill does not request always:true and defaults to normal invocation rules. It writes snapshots, state.json, and history.json under a local store directory (.openclaw-tools/safe-install) which is expected for this tool and does not appear to modify other skills or global agent settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install safe-install
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /safe-install 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
README and SKILL.md compliance update for OpenClaw / ClawHub alignment.
v1.0.0
Initial release
元数据
Slug safe-install
版本 1.0.1
许可证 MIT-0
累计安装 4
当前安装数 4
历史版本数 2
常见问题

Safe Install 是什么?

Install OpenClaw skills through policy validation, ClawShield scanning, snapshot storage, and rollback controls. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 461 次。

如何安装 Safe Install?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install safe-install」即可一键安装,无需额外配置。

Safe Install 是免费的吗?

是的,Safe Install 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Safe Install 支持哪些平台?

Safe Install 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Safe Install?

由 mike007jd(@mike007jd)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论