skill_install

This package appears to do what it claims, but the installer code has two practical safety issues you should consider before running it on a production machine: - Zip path traversal (zip-slip): the script calls zipfile.extractall() without sanitizing member paths. A malicious ZIP could include filenames like ../../etc/passwd or absolute paths and cause files to be written outside the intended temp folder. Always inspect ZIP contents before running (e.g., unzip -l my-skill.zip) and verify member paths. - Predictable temp dir and copy semantics: the script extracts to a fixed /tmp/openclaw_skill_temp and then uses shutil.copytree to overwrite the skills directory. An attacker on the same system could exploit the predictable temp path (symlink/TOCTOU). Also installing untrusted ZIPs as root can overwrite system-wide files. Recommendations: - Only install skill ZIPs from trusted sources and inspect their contents first (list files, check for .. or absolute paths, review scripts inside). - Run the installer as a non-root user and avoid running on production systems; prefer a sandbox or VM for initial testing. - Consider patching the script to use a secure temporary directory (tempfile.mkdtemp), validate/normalize zip paths before extraction, and refuse entries with absolute paths or '..' components. - Backup OpenClaw installation or test in a disposable environment before installing. If you can share the specific ZIP(s) you intend to install or run the script in a controlled environment, confidence in safety could be raised after verifying those archives and/or fixing the extraction logic.