Safe Install

v1.0.1

Install OpenClaw skills through policy validation, ClawShield scanning, snapshot storage, and rollback controls.

Security Scan
VirusTotal
Benign
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, CLI usage, and source code align: the tool performs local-path resolution, policy validation, a ClawShield scan, decisioning (Safe/Caution/Avoid), and snapshot/history storage. The sole required binary is node which is appropriate. The fixtures (including one with a curl | sh payload) are test cases used to demonstrate blocking behavior and are consistent with the installer's purpose.
Instruction Scope
SKILL.md instructs running the included CLI against local paths and a local policy file and shows storing snapshots under .openclaw-tools — all within the declared scope. The runtime code reads policy and store files under .openclaw-tools by default and resolves local directories or registry aliases from the policy. There are no instructions that attempt to read unrelated system secrets or transmit data to unexpected endpoints in the provided content.
Install Mechanism
There is no external install spec (the package is distributed as code files and a bin script), which is low risk. The code depends on an external package (@mike007jd/openclaw-clawshield) for scanning; that dependency is expected but is the primary external piece to review because it could perform network activity or other scanning behaviour. No downloads or URL-based installs are performed by this code itself.
Credentials
The skill declares no required environment variables or credentials and the code does not read secrets or external credentials in the visible portions. Access to filesystem paths is scoped to local skill sources and the .openclaw-tools store, which is appropriate for a local installer.
Persistence & Privilege
The skill does not request always:true and defaults to normal invocation rules. It writes snapshots, state.json, and history.json under a local store directory (.openclaw-tools/safe-install) which is expected for this tool and does not appear to modify other skills or global agent settings.
Assessment
This tool is coherent with its stated purpose, but before installing: (1) review the policy file you will use (allowedSources, blockedPatterns, and registry mappings) so the tool doesn't allow unexpected local paths; (2) inspect or vet the @mike007jd/openclaw-clawshield dependency (it performs scanning and could perform network I/O); (3) confirm the store directory (.openclaw-tools/safe-install) is an acceptable location for snapshots and history and contains no sensitive files you don't want preserved; and (4) run the test fixtures in a sandbox to verify behavior (fixtures intentionally include a curl | sh payload to validate blocking). The package contains code files (bin + src) despite lacking an external install spec—this is normal for a CLI-but-not-automatically-installed skill but worth noting.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔐 Clawdis
Bins: node
Tags: installer, latest, openclaw, policy, rollback, security
421 downloads
0 stars
2 versions
Updated 3w ago
v1.0.1
MIT-0

Safe Install

Add a local security review layer in front of skill installation.

When to use

  • You want policy-driven review before activating a local skill.
  • You need ClawShield scanning and human approval for medium or high risk findings.
  • You want rollback-ready snapshots and install history for locally managed skills.

Commands

node {baseDir}/bin/safe-install.js /path/to/skill --config ./policy.json --store ./.openclaw-tools/safe-install
node {baseDir}/bin/safe-install.js /path/to/skill --yes
node {baseDir}/bin/safe-install.js /path/to/skill --force
node {baseDir}/bin/safe-install.js history --format table
node {baseDir}/bin/safe-install.js rollback my-skill
node {baseDir}/bin/safe-install.js policy validate --file ./policy.json

Review flow

  1. Source validation: check the candidate against allowedSources.
  2. Pattern blocking: reject candidates that match a blocked regular expression.
  3. ClawShield scan: scan before install.
  4. Risk review:
    • Safe: install directly
    • Caution: require --yes or interactive approval
    • Avoid: require --force
  5. Snapshot storage: save a hashed snapshot for rollback.

Policy file

.openclaw-tools/safe-install.json:

{
  "defaultAction": "prompt",
  "blockedPatterns": ["curl\\s*\\|\\s*sh"],
  "allowedSources": ["clawhub.com", "/local/skills"],
  "forceRequiredForAvoid": true
}

  • defaultAction: allow, prompt, or block
  • blockedPatterns: regular expressions that reject installation
  • allowedSources: source allowlist
  • forceRequiredForAvoid: whether Avoid requires --force
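
The review flow and policy fields above, sketched as an added example; this is not Safe Install's own code, and the names normalize, sourceAllowed and review are hypothetical. Assumptions: allowedSources entries starting with "/" are directory prefixes and all others are exact hostnames, the scan verdict is passed in rather than obtained from ClawShield, defaultAction is not modeled, and Avoid falls back to the --yes gate when forceRequiredForAvoid is false.

```javascript
// Policy values copied from the page's example policy file.
const policy = {
  blockedPatterns: ['curl\\s*\\|\\s*sh'],
  allowedSources: ['clawhub.com', '/local/skills'],
  forceRequiredForAvoid: true,
};

// Collapse "." and ".." segments (a real installer would use path.resolve
// and fs.realpathSync so symlinks are resolved as well).
function normalize(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '..') out.pop();
    else if (seg && seg !== '.') out.push(seg);
  }
  return '/' + out.join('/');
}

// Assumption: entries starting with "/" are directory prefixes, all others are hostnames.
function sourceAllowed(source, allowed) {
  if (source.startsWith('/')) {
    const resolved = normalize(source);
    return allowed.some((a) => a.startsWith('/') &&
      (resolved === a || resolved.startsWith(a + '/')));
  }
  try {
    return allowed.includes(new URL(source).hostname); // exact host match only
  } catch {
    return false; // not a parseable URL
  }
}

// candidate: { source, files: { relativePath: text } }
// verdict: 'Safe' | 'Caution' | 'Avoid', supplied by the caller (scanner not modeled).
function review(candidate, verdict, flags = {}) {
  if (!sourceAllowed(candidate.source, policy.allowedSources))
    return { install: false, step: 1, reason: 'source not in allowedSources' };
  for (const pattern of policy.blockedPatterns) {
    const re = new RegExp(pattern);
    for (const [file, text] of Object.entries(candidate.files))
      if (re.test(text)) return { install: false, step: 2, reason: `${file} matches ${pattern}` };
  }
  if (verdict === 'Avoid' && policy.forceRequiredForAvoid && !flags.force)
    return { install: false, step: 4, reason: 'Avoid requires --force' };
  if (verdict !== 'Safe' && !flags.yes && !flags.force)
    return { install: false, step: 4, reason: `${verdict} requires --yes` };
  return { install: true, step: 4, reason: verdict };
}
```

With the page's pattern, a file containing `curl | sh` is rejected at step 2, but a line with options or a URL between `curl` and the pipe does not match. A policy author may want a broader expression and should not treat blockedPatterns as a substitute for the scan.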

Storage

.openclaw-tools/safe-install/
├── snapshots/{skill}/{version}/{hash}/  # stored snapshots
├── active/{skill}/                       # current active version
├── state.json                           # active state
└── history.json                         # install history

Limits

  • Maximum file size: 100MB
  • Maximum files per skill: 10,000
  • Maximum total skill size: 500MB
  • Path traversal protection is enforced

Boundaries

  • Safe Install currently resolves local directories or registry aliases defined in policy. It is not a full remote ClawHub client.
  • This tool adds a local control layer; it does not replace OpenClaw's native skills install flow.
