Starter Flow
v1.0.0快速一键安装 OpenClaw 五个核心技能,支持自主选择和中英文切换,提供新手引导,本地安全运行并可随时卸载。
⭐ 0· 342·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name, description, README, SKILL.md and install.sh all align: this is a front-end installer for five OpenClaw skills. Minor metadata inconsistency: the registry metadata lists no required binaries, but SKILL.md metadata and the shipped install.sh assume a Bash runtime (the script requires bash). This is expected for an interactive installer but should be synchronized.
Instruction Scope
SKILL.md and install.sh remain within the described scope: they display a selection UI, confirm user choices, and call 'clawhub install <skill>' for each selected skill. One item to note: the README and script assume network access to clawhub/clawhub.ai for installing skills and troubleshooting (e.g., ping clawhub.ai). The SKILL.md's wording '本地运行, 无云端依赖' appears to refer to runtime behavior of the installed skills, but installation uses the platform CLI which may fetch packages over the network—this is not hidden, but it is a slight wording mismatch.
Install Mechanism
No install spec is present and the included install.sh only invokes an existing CLI (clawhub) to perform installs. There are no downloads from arbitrary URLs, no extracted archives, and no code obfuscation. This is a low-risk install pattern provided the clawhub CLI itself is trusted.
Credentials
The skill declares no required environment variables, reads no secrets, and the script does not access config paths or credential files. It only runs interactive logic and calls clawhub; requested privileges are proportional to installing other skills.
Persistence & Privilege
No 'always: true' flag, default invocation settings apply. The script does not modify other skills' configuration files directly (it delegates installation to clawhub). There is no evidence of attempts to persistently elevate privileges or change global agent settings beyond normal skill installation.
Assessment
This is an interactive Bash installer that delegates actual installation to your 'clawhub' CLI. Before running: 1) Confirm that you trust the clawhub client and the source it pulls packages from (network downloads will occur when installing the listed skills). 2) Review or sandbox-run install.sh if you want to inspect behavior locally (it only calls 'clawhub install' and prints prompts). 3) Be aware of a minor metadata mismatch: the script requires bash but the registry entry omitted that—this is not dangerous but worth noting. 4) After installation, inspect each installed skill (their source/homepage and requested permissions) before enabling autonomous invocation. If you do not trust clawhub or network installs, do not run the script.Like a lobster shell, security has layers — review code before you run it.
latestvk978xvcyz3se5enwcpfzwfey6s81w13d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.