Skill Safe Install (L0 Strict)
Review
Audited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is a coherent safety workflow for reviewing and installing other skills, with clear consent gates for installs and trust-list changes.
This skill appears safe to install as an instruction-only secure-install checklist. Before using it to install another skill, still review the target skill's permissions carefully, treat the temporary workdir as limited isolation rather than a full security sandbox, and avoid enabling persistent trust unless you explicitly want that behavior.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing a third-party skill can change what the agent can do in future sessions.
The skill instructs the agent to run CLI install commands for other skills. This can change the user's agent environment, but it is central to the stated secure-install purpose and is gated by review and consent steps.
`clawhub --workdir <temp_dir> --dir skills install <skill>` ... `clawhub install <skill>`
Only approve the formal install after reviewing the skill identity, permissions, risk rating, and sandbox result.
Persisting trust for a skill may reduce future prompts or checks for that skill.
The skill can guide a persistent trust-list change, which affects future trust decisions. The artifact makes this optional, consent-based, backed up, and idempotent.
Only perform this step when user explicitly asks to persist trust. ... `skills.allowBundled`
Keep the trust-write step skipped unless you understand and explicitly want the selected skill to be trusted persistently.
