v0.1.0

Howtoletmyagent Installer

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:14 AM.

Analysis

The skill is transparent about being an installer, but it can install persistent agent skills and run commands supplied by remote manifests, so users should review it carefully before use.

Guidance: Before installing, review the manifest source, every file to be written, the target path, and any CLI command. Avoid approving commands that look like shell scripts or do more than install the intended skill.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
If a CLI install is approved, use the exact command supplied by the manifest.

A remote manifest can supply a local CLI command for the agent to run. Although approval is required, the artifact does not clearly restrict the command to a known-safe installer command.

User impact: A user could be asked to approve a command that modifies the local environment or installs unreviewed behavior.
Recommendation: Only run commands that are clearly a documented ClawHub/OpenClaw install command, show the full command to the user, and reject shell scripts, chained commands, or commands outside the installer purpose.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Fetch the manifest JSON... create a local workspace skill folder and write the manifest files exactly as provided.

The skill installs files from a remote manifest, but the artifacts do not show integrity checks, signatures, pinned versions, or provenance verification for those files.

User impact: If the remote manifest or host is compromised or changed, the user may install a different or unsafe companion skill.
Recommendation: Prefer verified ClawHub packages, signed or checksummed manifests, pinned versions, and a clear review step showing every file and target path before installation.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
After install, tell the user to start a new session with `/new` or restart the gateway so OpenClaw reloads the skill.

The installed companion skill is meant to persist and become active in later sessions. This is disclosed and aligned with the installer purpose.

User impact: The agent's available skills may remain changed after the current session.
Recommendation: Review installed skills after use and make sure the user knows how to remove or disable any companion skill they no longer want.