SAFE-Bootstrapper
v1.0.0
Deterministic setup and remediation helper for installed OpenClaw skills. Resolve a target skill, apply sandbox-local remediation when safe, and produce a st...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with behavior: the skill is an instruction-only sandboxed preparer for other skills. It declares no env vars, no binaries, and does not attempt to perform network installs or require cloud credentials — all consistent with a local bootstrapper.
Instruction Scope
SKILL.md limits actions to sandbox-local deterministic primitives (git init, mkdir, copying env examples, rerunning local commands) and explicitly forbids network downloads, dependency installs, VCS commits, or host escapes. The only small ambiguity is the phrasing about 'asking the target for the first concrete setup step' — this implies interacting with the resolved target skill, but the skill also states it will not read SKILL.md unless necessary and will operate only within the current sandbox. Overall the runtime instructions remain within the stated purpose.
Install Mechanism
Instruction-only with no install spec and no code files; nothing is written to disk by an installer. README references a recommended sandbox image (including curl/jq) but the skill itself forbids using network downloads, so there is no hidden download/install behavior.
Credentials
No required environment variables, no primary credential, and no config paths requested. The skill's allowed actions (creating .env from examples, writing local files) are proportionate to a local bootstrapper. It explicitly refuses to ask users for real credentials.
Persistence & Privilege
always is false and disable-model-invocation is true (user-invocable only), so it cannot be auto-run by the model and does not request permanent elevated presence. It also forbids modifying VCS history or other skills' configs. This is an appropriate privilege footprint for the described function.
Assessment
This skill appears coherent and low-risk: it only performs sandbox-local, deterministic setup steps and forbids network installs and credential requests. Before using it, ensure you run it in a properly enforced sandbox (so file and network isolation are real). Be aware it may read and write files inside the target workspace (for example copying .env.example → .env) — remove any sensitive data from the workspace before running. Note also that it will not install dependencies or bring up services: if the target requires network installs, browser/OAuth flows, or databases you will need to handle those outside this skill. If you need higher assurance, review the produced JSON setup report and the tool_call/evidence entries after a run to confirm only expected sandbox-local actions were taken.
Like a lobster shell, security has layers — review code before you run it.
