vibe-coding-skills-installer

Pass. Audited by VirusTotal on May 10, 2026.

Overview

Type: OpenClaw Skill
Name: vibe-coding-skills-installer
Version: 1.0.2

The skill bundle acts as an installer for third-party coding tools and performs high-risk system operations, including global package installation (`npm install -g @fission-ai/openspec`) and the execution of setup scripts from cloned repositories (`./setup` in the gstack repo). While these actions are consistent with the stated purpose in `SKILL.md`, downloading and immediately executing external scripts (`scripts/install.sh`) and modifying global environments poses a significant supply chain risk: whatever the remote currently serves is what runs, with the user's own permissions. No evidence of intentional malice was found, but the broad shell execution capabilities and the reliance on external GitHub repositories (e.g., garrytan/gstack, obra/superpowers) warrant a suspicious classification.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A later upstream change or compromise could install different code than what was reviewed here.

Why it was flagged

The installer pulls current remote package/repository contents without pins, checksums, or integrity verification before adding them to the user's agent environment.

Skill content
npm install -g @fission-ai/openspec@latest; git clone --single-branch --depth 1 "$GSTACK_REPO" "$gstack_dir"
Recommendation

Pin npm versions and git commits/tags, show exact resolved sources before installation, and require explicit approval for unpinned updates.

What this means

A downloaded or pre-existing setup script could run arbitrary local commands, not merely copy skill files.

Why it was flagged

After cloning or updating gstack, the script executes the repository's setup program with the user's local permissions.

Skill content
(cd "$gstack_dir" && ./setup --host "$host_flag")
Recommendation

Display and confirm the exact setup script before running it, verify the repository origin and commit, and consider sandboxing or a dry-run mode.
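The two recommendations above (pin and show resolved sources before installing; show, verify and confirm the setup script before running it) can be applied to the flagged skill content with a few shell functions. The following is an added example written for this review, not code from the skill, from the gstack or openspec projects, or from ClawScan; the package spec, repository URL, directory and commit id in the usage comment are placeholders, and it assumes `npm`, `git`, `grep -E` and coreutils `sha256sum` are on the path. The check functions are the interesting part: a spec counts as pinned only if it names an exact version (dist-tags such as `@latest` and ranges such as `^1.0.0` are rejected), and a git ref counts as pinned only if it is a full commit id, since tags and branches can be moved upstream.

```sh
#!/bin/sh
# Added example (not part of the skill): pinned, verified installs for the two
# flagged steps. Package name, repo URL, directory and commit are placeholders.
set -eu

# npm_spec_is_pinned SPEC: succeed only for an exact version ("name@1.2.3",
# "@scope/name@1.2.3"). Dist-tags (@latest), ranges (^1.0.0) and bare names float.
npm_spec_is_pinned() {
  spec=$1
  case $spec in
    @*/*) rest=${spec#@*/} ;;   # drop the scope so the next '@' is the version
    *)    rest=$spec ;;
  esac
  case $rest in
    *@*) ver=${rest##*@} ;;
    *)   return 1 ;;            # no version at all
  esac
  printf '%s\n' "$ver" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?$'
}

# git_ref_is_pinned REF: only a full 40-hex commit id counts; tags and branches can move.
git_ref_is_pinned() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{40}$'
}

# confirm PROMPT: require a literal "yes" before any side effect.
confirm() {
  printf '%s [yes/NO] ' "$1"
  read -r answer
  [ "$answer" = yes ]
}

# npm_install_pinned SPEC: refuse floating specs, show the resolved tarball and
# its SRI integrity hash from the registry, then install only after confirmation.
npm_install_pinned() {
  spec=$1
  npm_spec_is_pinned "$spec" || { echo "refusing unpinned npm spec: $spec" >&2; return 1; }
  echo "Resolved:  $(npm view "$spec" dist.tarball)"
  echo "Integrity: $(npm view "$spec" dist.integrity)"
  confirm "Install $spec globally?" || return 1
  npm install -g "$spec"
}

# gstack_install_pinned REPO DIR COMMIT HOST_FLAG: clone, check out the exact
# commit, prove HEAD matches, show the setup script, and only then run it.
gstack_install_pinned() {
  repo=$1 dir=$2 commit=$3 host_flag=$4
  git_ref_is_pinned "$commit" || { echo "refusing unpinned git ref: $commit" >&2; return 1; }
  git clone --no-checkout "$repo" "$dir"
  git -C "$dir" checkout --detach "$commit"      # fails if the commit is not in the repo
  head=$(git -C "$dir" rev-parse HEAD)
  [ "$head" = "$commit" ] || { echo "HEAD $head != pinned $commit" >&2; return 1; }
  echo "Origin: $(git -C "$dir" remote get-url origin) @ $head"
  echo "--- $dir/setup (sha256 $(sha256sum "$dir/setup" | cut -d' ' -f1)) ---"
  cat "$dir/setup"
  confirm "Run this setup script with your user permissions?" || return 1
  (cd "$dir" && ./setup --host "$host_flag")
}

# Usage (placeholders, not verified values):
#   npm_install_pinned '@fission-ai/openspec@1.0.0'
#   gstack_install_pinned https://github.com/garrytan/gstack "$HOME/.gstack" <40-hex-commit> <host>
```

Pinning to a commit id rather than a tag means a later upstream change cannot alter what gets installed without the pin being updated deliberately, which is exactly the explicit-approval step the recommendation asks for; showing the script and its hash before the confirmation prompt gives the user something concrete to compare against a prior review.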

What this means

A bad install choice or bad upstream update could affect future agent sessions and collaborators, not just the current task.

Why it was flagged

Project and team-mode installs can propagate persistent agent instructions through a repository or team setup, but the artifacts do not clearly show changed files, rollback steps, or containment limits.

Skill content
Project-level ... The skill travels with the repo and is available to all contributors. ... Global + team mode — Global install + configure the current project for team auto-updates
Recommendation

Require an explicit team-mode confirmation, list all files/configuration changes, avoid auto-updates by default, and provide an uninstall/rollback procedure.
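The "list all files/configuration changes" and "provide an uninstall/rollback procedure" parts of this recommendation come down to one thing the artifacts do not show: a record of what the install wrote. The following is an added example written for this review, not code from the skill or from ClawScan; the manifest format (one path per line) and the directory layout in the test are assumptions. Every file written goes through one function that refuses to overwrite anything pre-existing and appends the destination to a manifest; the manifest is what gets printed for a team-mode confirmation and what rollback walks, so only files the installer itself created are ever removed.

```sh
#!/bin/sh
# Added example (not part of the skill): make project/team-mode installs
# enumerable and reversible by recording every file written to a manifest.
# Manifest format (assumed here): one absolute destination path per line.
set -eu

# install_tracked SRC DEST MANIFEST: copy SRC to DEST without overwriting
# anything that already exists, and record DEST so it can be listed and undone.
install_tracked() {
  src=$1 dest=$2 manifest=$3
  if [ -e "$dest" ]; then
    echo "refusing to overwrite existing file: $dest" >&2
    return 1
  fi
  mkdir -p "$(dirname "$dest")"
  cp -- "$src" "$dest"
  printf '%s\n' "$dest" >> "$manifest"
}

# installed_count MANIFEST: number of files this install has written (0 if none).
installed_count() {
  [ -f "$1" ] || { echo 0; return 0; }
  awk 'END { print NR }' "$1"
}

# print_plan MANIFEST: the "list all files/configuration changes" step, to be shown
# before a team-mode install is confirmed and again on uninstall.
print_plan() {
  echo "Files written by this install (removed on rollback):"
  sed 's/^/  /' "$1"
}

# rollback_install MANIFEST: remove recorded files in reverse order, then the
# manifest itself. Pre-existing files were never recorded, so they are untouched.
rollback_install() {
  manifest=$1
  [ -f "$manifest" ] || return 0
  sed '1!G;h;$!d' "$manifest" | while IFS= read -r path; do   # POSIX line reversal
    rm -f -- "$path"
  done
  rm -f -- "$manifest"
}
```

Keeping the manifest next to the installed files (for a project-level install, inside the repository) means collaborators who receive the skill through the repo also receive the exact list of what it added and a way to remove it; auto-update should then be a separate, explicitly requested step rather than the default, since each update re-runs the same write path.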