← 返回 Skills 市场
dongyulin89

Skill Install Guard

作者 dongyulin89 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ 安全检测通过
373
总下载
1
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-install-guard
功能描述
安全拦截型技能,确保安装任何技能前都经过 skill-vetter 的安全审查,输出审查报告并要求用户明确确认,禁止私自安装。
安全使用建议
This skill is internally consistent with its purpose and doesn't request extra credentials, but before enabling it: 1) confirm how your skill-vetter implementation behaves — ensure any 'online review' option does not upload code or secrets to an untrusted endpoint; 2) verify clawhub and skill-vetter are trusted tools on your system (they will be invoked and may access the network); 3) be aware it will read local workspace skill folders and may record install decisions to agent memory—avoid vetting sensitive/private repos unless you trust the vetter; and 4) test the workflow with a harmless skill to confirm it truly halts installation until you explicitly confirm.
功能分析
Type: OpenClaw Skill Name: skill-install-guard Version: 1.0.0 The skill-install-guard bundle is a defensive security utility designed to intercept skill installation commands and enforce a mandatory security review process. It utilizes a secondary tool (skill-vetter) to analyze code for risks and requires explicit user confirmation before executing any installation via 'clawhub install'. The logic in SKILL.md is transparent, focuses on safety and user consent, and contains no evidence of malicious intent, data exfiltration, or unauthorized execution.
能力评估
Purpose & Capability
The name/description (an install-time vetting guard) matches the instructions: intercept install intent, run checks with skill-vetter, produce a report, request explicit user confirmation, then call clawhub install. It does not request unrelated credentials or privileged OS access.
Instruction Scope
Instructions legitimately read skill files (local workspace), call clawhub info/install, clone or download remote repos for review, and may write an install history to memory. These actions are appropriate for a vetting guard, but the doc also references an 'online review' mode for skill-vetter which could upload skill code or metadata to an external service — that is not spelled out and could leak sensitive code if enabled.
Install Mechanism
Instruction-only skill with no install spec and no bundled code. Nothing is written to disk by the skill itself beyond optional recordings to memory; any downloading/cloning is tied to vetting remote skills (expected).
Credentials
The skill declares no environment variables, credentials, or config paths. The SKILL.md does instruct reading local workspace skill folders and optional memory files (reasonable for vetting). There are no unexplained secret requests.
Persistence & Privilege
always is false and there is no attempt to persist self-enabled configuration outside optional install-history entries in memory. It does not request elevated or cross-skill configuration changes.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install skill-install-guard
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /skill-install-guard 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
skill-install-guard v1.0.0 - New initial release of a security enforcement skill for installing other skills. - Intercepts all install requests, pauses the action, and performs security audits via skill-vetter before installation proceeds. - Outputs detailed safety review reports and strictly requires explicit user confirmation before installing. - Disallows all unapproved or automatic installs; no installation happens without an explicit "yes". - Supports scenarios like batch install attempts, third-party sources, and skill updates, always enforcing the security workflow.
元数据
Slug skill-install-guard
版本 1.0.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Skill Install Guard 是什么?

安全拦截型技能,确保安装任何技能前都经过 skill-vetter 的安全审查,输出审查报告并要求用户明确确认,禁止私自安装。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 373 次。

如何安装 Skill Install Guard?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-install-guard」即可一键安装,无需额外配置。

Skill Install Guard 是免费的吗?

是的,Skill Install Guard 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Skill Install Guard 支持哪些平台?

Skill Install Guard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Skill Install Guard?

由 dongyulin89(@dongyulin89)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论