chj0w0

Skill Safe Install

Author: 想开电动车 · GitHub · v2.0.1
cross-platform ⚠ suspicious
Total downloads: 461
Favorites: 0
Current installs: 4
Versions: 2
Install in OpenClaw
/install skill-safe-install
Description
Skills safe-install tool: combines three layers of verification (Vetter code review + ClawHub rating + ThreatBook sandbox scan)
Safe usage recommendations
This skill appears to do what it says (local vetting + ClawHub rating + ThreatBook sandbox), but it will package and upload entire skill code to a third-party service. Before installing, consider:
  1. Do not alias/overwrite your `clawhub` command system-wide until you’ve tested the script — that alias would make every install automatically upload code to ThreatBook.
  2. Review scripts/safe-install.mjs yourself to confirm exactly what is uploaded and whether temporary directories are cleaned.
  3. Be careful about placing sensitive or proprietary skills behind this flow; the tool warns not to upload secrets, but it is your responsibility to prevent that.
  4. The README suggests echoing the API key into ~/.openclaw/.env — ensure your runtime actually loads that file or export the env var in your shell/CI so the script can authenticate.
  5. Use --dry-run first and run the tool in a controlled environment (non-prod user) to observe behavior. If you must use it in CI, restrict the scanned artifacts to non-sensitive samples or ensure ThreatBook usage complies with your privacy policies.
Functional analysis
Type: OpenClaw Skill
Name: skill-safe-install
Version: 2.0.1
The skill's stated purpose is to enhance security by vetting other skills, which is benign. However, the `scripts/safe-install.mjs` script uses `child_process.execSync` to execute `clawhub` commands with user-provided `skillName` input. Although the `skillName` is double-quoted, this is insufficient to prevent shell injection if a malicious `skillName` contains crafted characters (e.g., `"; evil_command; echo "`). This constitutes a critical shell injection vulnerability (RCE risk) that could allow an attacker to execute arbitrary commands on the system, classifying the skill as suspicious despite its benevolent intent.
Capability assessment
Purpose & Capability
Name/description match what the package does: it vets skill code, queries ClawHub for ratings, and uploads a packaged skill to ThreatBook for sandboxing. Required binaries (node, curl, tar, zip) and THREATBOOK_API_KEY are appropriate for the documented functionality.
Instruction Scope
The runtime instructions and the included script download the target skill via `clawhub install`, scan files locally, then package and upload the skill to the external ThreatBook sandbox. That behavior can leak entire skill source trees (possibly containing sensitive code or secrets). The README suggests aliasing/wrapping `clawhub install` in your shell to force-check every install, which would cause automatic uploads of all skills to the third-party sandbox. The SKILL.md also instructs writing the API key to ~/.openclaw/.env (which is not the same as exporting an env var), a potential operational mismatch.
Install Mechanism
There is no remote install step — the script is included in the skill bundle (scripts/safe-install.mjs), so nothing is fetched/installed from arbitrary URLs at install time. The script uses child_process/execSync to run clawhub and other shell commands, which is expected for a wrapper tool but increases runtime risk if invoked with elevated privileges or used as an automatic wrapper.
Credentials
The only required env var is THREATBOOK_API_KEY (primary credential), which is justified for uploading files to ThreatBook. However: 1) Uploading skill archives to a third-party sandbox will transmit potentially sensitive code/data. 2) The README suggests storing the key in ~/.openclaw/.env rather than exporting it; unless your runtime sources that file, the script may not see the key. 3) The script runs `clawhub` commands which may require ClawHub credentials (CLAWHUB_TOKEN) in some environments—this token is mentioned only as optional in docs, but failure to authenticate could change behavior. These are proportional to the stated purpose but present privacy/operational concerns.
Persistence & Privilege
The skill does not set always:true and does not auto-enable itself. However, SKILL.md recommends adding an alias/function to ~/.bashrc that overrides `clawhub` to route installs through this tool; if a user follows that, it effectively forces the tool into all install workflows and increases its blast radius. The skill itself does not automatically persist or modify other skills' configs, but the recommended integration pattern can create persistent, automatic behavior.
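How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install skill-safe-install
  3. Once installed, invoke the Skill by name or trigger it with /skill-safe-install
  4. Provide the required input according to the Skill's parameter description to get structured output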
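Version history
v2.0.1
v2.0.1 update: added Skill-Vetter code review as the first layer of checks, integrating the three-layer verification flow; added --auto automatic mode; unified display of the review result summary; improved the decision matrix and user experience
v2.0.0
v2.0 major update: added Skill-Vetter code review as the first layer of checks, integrating the three-layer verification flow; added --auto automatic mode; unified display of the review result summary; improved the decision matrix and user experience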
Metadata
Slug skill-safe-install
Version 2.0.1
License
Total installs 4
Current installs 4
Number of versions 2
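FAQ

What is Skill Safe Install?

Skills safe-install tool: combines three layers of verification (Vetter code review + ClawHub rating + ThreatBook sandbox scan). It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 461 total downloads to date.

How do I install Skill Safe Install?

Run the command "/install skill-safe-install" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.

Is Skill Safe Install free?

Yes, Skill Safe Install is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Skill Safe Install support?

Skill Safe Install runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops Skill Safe Install?

Developed and maintained by 想开电动车 (@chj0w0); the current version is v2.0.1.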
