Skills Setup

This release is a plugin-based implementation path for openclaw/openclaw#80213, which tracks skill author-defined setup hooks for running skill-supplied scripts after install/update. Skills Setup intentionally exposes a manual, admin-only `skills.setup` Gateway RPC. Unlike a future core install/update hook, this plugin does not automatically run setup scripts after skill install or update. A caller with `operator.admin` scope must invoke setup for a specific installed skill. The plugin intentionally executes trusted skill-declared local bash setup scripts. This is the purpose of the plugin, and execution is bounded by admin-only access, setup-script path validation, skill-directory containment checks, and a configurable timeout. Version 2026.5.16-1 addresses grouped skill basename collisions. Callers may use group-qualified selectors such as `team/demo`; if a basename-only selector matches multiple grouped installed skills, the plugin rejects the request instead of choosing the first match. Version 2026.5.16-2 tightens setup environment handling. Configured skill env and request env are explicit inputs to the setup process, while caller overrides for execution-context variables such as `HOME`, `PATH`, `SKILL_DIR`, `XDG_CONFIG_HOME`, and `XDG_DATA_HOME` are blocked. Bash startup/control variables, exported bash functions, and loader-injection prefixes such as `BASH_ENV`, `ENV`, `SHELLOPTS`, `BASHOPTS`, `BASH_FUNC_*`, `LD_*`, and `DYLD_*` are also blocked or cleared from the setup process. Environment variables may still intentionally include credentials needed by a trusted setup workflow. Users should pass only narrowly scoped secrets, only to trusted skills, and only after reviewing the target setup script. The plugin intentionally does not record setup completion. Each invocation reruns the declared setup script, so setup scripts must be idempotent and users should invoke setup deliberately.