Sageox Distill

Type: OpenClaw Skill Name: sageox-distill Version: 0.2.1 The skill demonstrates high security maturity and follows best practices for agentic tools. It includes explicit path validation rules in SKILL.md to prevent shell injection, uses SHA256 checksum verification for its binary installer (scripts/install-ox-curl.sh), and treats its own persistent state files as untrusted data. The installation logic avoids sudo and uses safe JSON construction via jq to prevent injection during state recording.