skillhub-auto-installer
Advisory: Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may trust the skill as read-only and overlook scripts that can change the local agent environment.
The documentation makes strong search-only and no-risk claims, but other supplied files include installation and local security-scanning scripts. This under-discloses the package's effective capabilities.
This skill **only provides search functionality** - it **does not perform installation**, does not access the local file system, and does not read local configuration ... - This skill **only searches**; there is no security risk
Remove the installer/audit scripts or clearly disclose them in SKILL.md and metadata, with explicit user approval requirements.
Running this script can add persistent new capabilities or code to the user's agent environment.
This installs a user-specified remote skill into the OpenClaw workspace with automatic confirmation/copy flags, which is a high-impact mutation rather than read-only search.
```sh
cd /home/gem/workspace/agent
SKILLS_API_URL=https://skills.volces.com/v1 npx -y skills add "$URL" -s "$SKILL_NAME" -a openclaw -y --copy
```
Do not run the installer scripts unless you intentionally want installation behavior; require explicit confirmation and review of the target skill before any `skills add` command.
A remote or mistaken skill source could be installed into the agent environment under the appearance of a search helper.
The script pulls remote skill content via an unpinned `npx` CLI and a URL derived from user-provided owner/repo input, creating a supply-chain installation path that is not disclosed by the search-only description.
```sh
URL="https://skills.volces.com/skills/$OWNER/$REPO"
cd /home/gem/workspace/agent
SKILLS_API_URL=https://skills.volces.com/v1 npx -y skills add "$URL" -s "$SKILL_NAME" -a openclaw -y --copy
```
Pin tool versions, verify remote skill provenance, and make installation a separate, clearly disclosed workflow with manual review.
Invoking the checking workflow can run local code outside the advertised search-only behavior.
This executes another installed skill's audit script, contradicting the SKILL.md statement that this skill does not run security audits.
```sh
if [ -f "$SKILLSENTRY_PATH/scripts/audit.sh" ]; then
    bash "$SKILLSENTRY_PATH/scripts/audit.sh" 2>/dev/null || true
fi
```
Disclose this execution path clearly, and only run local audit scripts after the user understands which installed skill's code will execute.
