Install Skills from Clawhub for all Agents
Warn
Audited by ClawScan on May 12, 2026.
Overview
This skill is transparent about installing global OpenClaw skills, but its helper performs forceful directory replacement using unvalidated path inputs, so it should be reviewed before use.
Use this only when you intentionally want to change the machine-wide OpenClaw skills directory. Confirm the exact ClawHub slug, avoid any slug containing slashes or '..', keep backups enabled, and consider pinning a version before promoting a skill globally.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or unsafe slug could cause the helper to operate outside the intended skill directory, potentially replacing or deleting more files than the user expected.
The user-provided slug is used directly to build filesystem paths that are later recursively removed and replaced. The artifacts do not show validation that the slug cannot contain path traversal or path separators.
const slug = args.slug;
const stagedDir = path.join(layout.stagingRoot, slug);
const globalDir = path.join(layout.globalRoot, slug);
...
removeDir(globalDir);
...
if (!args.keepStaging) {
removeDir(stagedDir);
}
Validate slugs against a strict ClawHub slug pattern, reject slashes and '..', resolve final paths, and ensure they remain inside the intended staging and global skills directories before any remove or copy operation.
Running the skill executes local commands with the user's permissions. This is expected for installing skills, but failures or unsafe inputs can affect the local OpenClaw environment.
The helper executes local binaries through execFileSync, including the OpenClaw CLI and python3 for backup creation.
const { execFileSync } = require('child_process');
...
return execFileSync(cmd, args, {
Run it only for trusted ClawHub slugs, keep the default backup behavior enabled, and ensure the required openclaw and python3 binaries are the expected ones on the PATH.
A bad or compromised installed skill could affect future agent sessions that rely on the global skills directory.
The skill intentionally promotes an installed skill into a global location used across the machine's OpenClaw agents.
make the global copy under the machine's OpenClaw home `skills/` directory the final source of truth
Install only trusted skills, verify the slug and version, and review the installed skill before making it the global source of truth.
Installing or upgrading a skill from the registry can introduce new instructions or code into the user's agent environment.
The helper installs a ClawHub package by slug, using the latest version by default unless a version is provided.
const args = ['skills', 'install', slug, '--agent', layout.agent, '--force'];
if (version) args.push('--version', version);
Prefer pinning a known version when reproducibility matters, and inspect the installed package metadata and files after installation.
