Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Install Guard|技能安装守门员

v0.4.3

Performs a five-step guarded skill install with checks for existence, local state, risk, execution, and post-install verification.

by 文武贝 (@wuyunting555)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wuyunting555/shrimp-skill-install-guard.

Prompt preview (Install & Setup):
Install the skill "Skill Install Guard|技能安装守门员" (wuyunting555/shrimp-skill-install-guard) from ClawHub.
Skill page: https://clawhub.ai/wuyunting555/shrimp-skill-install-guard
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install shrimp-skill-install-guard

ClawHub CLI


npx clawhub@latest install shrimp-skill-install-guard

Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name/description claim a pre-install vetting flow and the included Python script implements source checks, file enumeration/review, risk scoring, and an optional guarded install — these requirements align with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to enumerate and (for readable text files) read all files in the target skill and optionally run an install command. That stays within the stated vetting scope. Note: the code will also attempt source metadata fetches (network calls) and searches across configured local roots, which is expected for a vetter but should be noted by operators.
Install Mechanism
There is no external install spec; the skill is instruction-plus-scripts (script files are included). No downloads or archive extraction are performed by an installer spec. This is the lowest install-mechanism risk category for a vetter tool.
Credentials
The skill declares no required env vars or credentials, which fits. However the code contains a hard-coded WORKSPACE_ROOT = /home/baiwan/.openclaw/workspace-assistant-shrimp and DEFAULT_LOCAL_ROOTS that will cause it to look in that absolute path and other local skill directories; this embedded path is unexplained and could cause unintended local data collection on systems where that path exists. The script also performs network fetches to gather source metadata and will flag credential-like strings in scanned files (expected for a vetter).
Persistence & Privilege
The skill is not always:true and does not request system-wide configuration changes itself. It can run an operator-supplied install command (run with run_install_command), but that execution is explicitly constrained to direct executable invocations (no shell operators). The ability to run arbitrary install commands is necessary for its purpose but is a potential operational risk if the operator supplies a malicious command.
What to consider before installing
This package is largely what it says: a local vetter that enumerates files, fetches source metadata, reports red flags, and optionally runs a supplied install command. Before you run it: (1) review scripts/skill-install-guard.py yourself for any surprising behavior (notably it references /home/baiwan/.openclaw/workspace-assistant-shrimp — an unexplained hard-coded path); (2) run in dry-run mode (--dry-run or --stop-before-install) first and inspect the JSON report; (3) never pass unreviewed install commands — the tool will execute the exact command you provide (it disallows shell operators but can still run any binary); (4) run it in an isolated environment if you are concerned about local data exposure; and (5) if you need higher assurance, ask the author why the hard-coded workspace path is present or modify the script to use only explicit, documented local roots.

Like a lobster shell, security has layers — review code before you run it.

latest vk97e3kv48eq3brmpmy503jyn8n84ej50
110 downloads
0 stars
8 versions
Updated 2w ago
v0.4.3
MIT-0

Skill Install Guard|技能安装守门员

Use this skill when the user wants safer, more consistent skill installation with clear go/no-go decisions and verifiable post-install results.

What it does

This skill enforces a fixed five-step installation guardrail:

  1. Source check

    • Collects key source trust signals (author, activity, update freshness, public feedback when available).
    • Marks unavailable data explicitly so risk decisions stay transparent.
  2. Local-state check

    • Detects existing local installs before action.
    • Reduces duplicate installs and path mistakes.
  3. Code review (MANDATORY)

    • Enumerates all files in the target skill.
    • Reviews readable text files and records binary/oversize/unreadable handling with reasons.
  4. Risk review

    • Summarizes red flags, required permissions, risk level, and final recommendation.
    • Produces human-readable conclusions and machine-readable report output.
  5. Install execution + post-install verification

    • Runs install only when policy allows.
    • Verifies expected path and required key files after execution.

When to use

  • Before installing any unfamiliar skill from ClawHub.
  • Before adopting skills from GitHub or local directories.
  • When teams need consistent installation standards.
  • When security-sensitive environments require auditable evidence.

Primary command

python3 scripts/skill-install-guard.py --slug <skill-slug> [options]

Compatibility wrapper:

scripts/skill-install-guard.sh --slug <skill-slug> [options]

Required / useful inputs

  • --slug <slug>: required target skill slug
  • --source <source>: optional source (clawhub, local path, or URL)
  • --install-cmd '<command>': real install command for execution phase (direct executable invocation only; no shell pipes/redirects/chaining)
  • --expected-dir <path>: expected final install path
  • --version <version>: optional version hint
  • --dry-run: checks only
  • --stop-before-install: end after review phase
  • --allow-medium-risk: allow execution when risk is medium
  • --report-json <path>: write machine-readable result

Recommended operating pattern

  1. Collect slug, source, intended install command, and expected final directory.
  2. Run with --stop-before-install or --dry-run for non-destructive preflight.
  3. Read risk summary and recommendation.
  4. If blocked, stop and report why.
  5. If allowed, run with actual install command.
  6. Return both risk decision and post-install verification result.

Example: non-destructive verification

python3 scripts/skill-install-guard.py \
  --slug some-skill \
  --source clawhub \
  --expected-dir skills/some-skill \
  --stop-before-install \
  --report-json tmp/skill-install-guard/some-skill-verify.json

Example: real guarded install

python3 scripts/skill-install-guard.py \
  --slug some-skill \
  --source clawhub \
  --install-cmd 'clawhub install some-skill' \
  --expected-dir skills/some-skill \
  --report-json tmp/skill-install-guard/some-skill-install.json

Output requirements

When using this skill, report at minimum:

  • target skill name / slug
  • source checked and source-data completeness
  • all-files coverage summary
  • red flags found (or explicit none)
  • permissions needed (files / network / commands)
  • risk level
  • recommendation / verdict
  • install command used or skipped
  • final landed path check
  • final go / no-go result

Safety rules

  • Do not treat command exit status as the sole success criterion.
  • Do not skip post-install verification.
  • If the slug, source, or version does not match expectations, stop before install.
  • If risk recommendation is block, do not force install.
  • If risk is medium without explicit operator approval, keep blocked.
  • When uncertain, prefer no-go.
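
The install-command constraint and the safety rules above can be combined into one gate. The following is an added sketch, not code from scripts/skill-install-guard.py: the function names, the "low"/"medium"/"high" risk labels, the report keys, and the choice of SKILL.md as the required key file are assumptions made for illustration.

```python
import shlex
import subprocess
from pathlib import Path

# Characters that only matter to a shell. Conservative policy (assumption):
# any argument containing one is rejected rather than escaped.
SHELL_CHARS = set("|&;<>`$\n")

def parse_install_cmd(cmd):
    """Split into argv for direct exec; raise ValueError on shell syntax."""
    argv = shlex.split(cmd)  # also raises ValueError on unbalanced quotes
    if not argv:
        raise ValueError("empty install command")
    for arg in argv:
        if SHELL_CHARS & set(arg):
            raise ValueError(f"shell metacharacter in {arg!r}")
    return argv

def verify_install(expected_dir, required=("SKILL.md",)):
    """Return the required files that are missing under expected_dir."""
    root = Path(expected_dir)
    return [name for name in required if not (root / name).is_file()]

def guarded_install(cmd, expected_dir, risk, allow_medium=False):
    """Gate on risk, run without a shell, then verify what landed on disk."""
    report = {"completed": False, "exit_code": None, "missing": [],
              "verdict": "no-go", "reason": ""}
    # Risk labels "low"/"medium"/"high" are assumed for this sketch;
    # anything unrecognised stays blocked (prefer no-go).
    if not (risk == "low" or (risk == "medium" and allow_medium)):
        report["reason"] = f"risk level {risk!r} not approved"
        return report
    try:
        argv = parse_install_cmd(cmd)
        proc = subprocess.run(argv, shell=False, capture_output=True,
                              text=True, timeout=300)
    except (ValueError, OSError, subprocess.TimeoutExpired) as exc:
        report["reason"] = f"install did not complete: {exc}"
        return report
    report["completed"] = True
    report["exit_code"] = proc.returncode
    report["missing"] = verify_install(expected_dir)
    if proc.returncode != 0:
        report["reason"] = "installer exited non-zero"
    elif report["missing"]:
        report["reason"] = "exit 0 but required files are missing"
    else:
        report["verdict"] = "go"
    return report
```

An installer that exits 0 without creating the expected directory still yields a no-go verdict, which is the case the first safety rule is written for.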
