Skill v1.0.1
ClawScan security
LeiAlexZhang/local-skill-installer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 12:41 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested actions and requirements match its stated purpose (installing a local skill zip) and there are no surprising env vars, installs, or hidden behaviors in the provided files.
- Guidance: This skill appears to do exactly what it says: install a local skill zip. Before using it, manually inspect the zip you plan to install (open the archive and check SKILL.md, _meta.json, and any scripts) and only install packages from trusted sources. Prefer installing into a sandbox, or back up your ~/.openclaw/skills directory first. Note that the skill can be invoked by the agent (default behavior): avoid giving the agent carte blanche to run installers on your machine, or ensure you provide the precise, trusted zip path at invocation.
Review Dimensions
- Purpose & Capability (ok): The name/description (local installer) align with the instructions: unzip a local package, validate its SKILL.md/_meta.json, and move it into an OpenClaw skills directory. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope (ok): SKILL.md limits actions to local zip handling, validation, moving files, and cleanup. It explicitly forbids running scripts inside zips and avoids overwriting existing skill folders. The only potentially broad step is determining the 'correct' skills directory (workspace vs ~/.openclaw), which is reasonable for an installer.
- Install Mechanism (ok): This is instruction-only with no install spec and no downloads or archive extraction by the skill itself; nothing is written to disk by the skill bundle. Risk from the install mechanism is minimal.
- Credentials (ok): No environment variables, credentials, or config paths are requested. The skill's actions (file system move of a local zip's contents) are proportional to its purpose.
- Persistence & Privilege (note): The skill is not marked always:true (good). Model invocation is allowed (default), so an agent could call this skill autonomously; however, SKILL.md expects an explicit local zip path from the user. Be aware autonomous invocation combined with broadly accessible local files could allow an agent to install local packages without explicit interactive consent if the agent chooses a local path.
