Skill Install Manager 1.0.0
Review: audited by ClawScan on May 18, 2026.
Overview
This skill claims to safely vet skill installs, but its included installer script only simulates vetting and installation while printing trustworthy-looking success messages.
Do not treat this as a real security installer in its current form. It appears to be a mock/demo that prints safe-looking reports, so only install skills after independently running a real Skill Vetter review and confirming the exact source and configuration impact.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could believe an arbitrary skill was actually reviewed and approved when it was only given a simulated pass.
The script acknowledges that real Skill Vetter integration is not implemented, but still prints a formal-looking SAFE TO INSTALL report. This directly contradicts the skill's safety claim.
# The skill-vetter skill should be invoked here to run the check
# Simulating the check for now
...
echo "VERDICT: ✅ SAFE TO INSTALL"
Do not rely on this script as a security gate until it invokes the real Skill Vetter, validates the result, and clearly fails closed when vetting cannot be completed.
Untrusted or unknown skill sources could receive the same simulated approval as trusted sources, undermining the supply-chain protection this skill advertises.
The installer accepts broad, arbitrary skill sources but does not actually validate provenance or run the promised vetting step before declaring the skill safe.
echo "2. GitHub repository URL"
echo "3. Local skill directory"
echo "4. Other source"
...
# Simulating the check for now
Restrict supported sources, record provenance, and require real vetting of the exact artifact before any install guidance or success message.
The user may receive inaccurate assurance that no configuration changes are needed and that a skill was installed safely.
The promised configuration-modification gate is hard-coded to pass, and the script reports install execution/success without actually verifying or performing the install.
# Simulated check - assume no configuration changes are needed
log_success "No configuration requiring changes found"
log_info "Executing: clawhub install $skill_name"
# Simulating a successful install
Replace simulated checks with real inspection of the target skill's install requirements and clearly distinguish dry-run output from real installation.
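The three findings above describe one missing control: the script prints a verdict, a configuration result and an install message that nothing actually computed. The following script is an added example written for this review, not the skill's own safe-install.sh, showing what a fail-closed gate looks like: it restricts accepted sources, records provenance by hashing the exact local artifact, invokes a vetter and refuses to proceed unless the tool exists, exits 0 and prints an unambiguous pass line, and separates dry-run output from a real install. The command name SKILL_VETTER_CMD, the "VERDICT: SAFE" line format and the return codes are assumptions to be replaced with the real Skill Vetter interface; the `clawhub install` call follows the page's own snippet.

```shell
#!/usr/bin/env bash
# Added example (not the skill's own safe-install.sh): a fail-closed install gate.
# (1) only explicit source kinds are accepted, (2) the exact local artifact is hashed
# for provenance, (3) a real vetter is run and anything other than exit 0 plus an
# exact "VERDICT: SAFE" line blocks the install, (4) dry-run output is distinct from
# a real install. SKILL_VETTER_CMD, the verdict format and return codes are assumed.
set -u

# sha256 over stdin or files, using whichever tool is present (coreutils or perl shasum).
_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"; else shasum -a 256 "$@"; fi
}

# Classify a source against an allow-list. Prints "local" for an existing directory
# path or "github" for a repository URL; returns 1 for anything else.
classify_source() {
  case "$1" in
    /*|./*|../*)            [ -d "$1" ] && echo local && return 0 ;;
    https://github.com/*/*) echo github; return 0 ;;
  esac
  return 1
}

# Provenance: one digest over every file's relative path and content, so the artifact
# that was vetted can be compared byte for byte with the one that gets installed.
# (Assumes file names without newlines.)
artifact_digest() {
  [ -d "$1" ] || return 1
  ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do _sha256 "$f"; done \
      | _sha256 | cut -d' ' -f1 )
}

# Run the vetter and fail closed: a missing tool, a non-zero exit, or output without an
# exact "VERDICT: SAFE" line all count as "not vetted". Unlike the audited script,
# nothing is printed here that was not actually computed.
run_vetter() {
  vetter=${SKILL_VETTER_CMD:-skill-vetter}   # assumed command name
  out=$("$vetter" "$1" 2>/dev/null) || { echo "vetter '$vetter' failed or is not installed" >&2; return 1; }
  printf '%s\n' "$out" | grep -qx 'VERDICT: SAFE'
}

# Gate: returns 0 only after classification, provenance and vetting all succeed.
# Return codes: 2 = refused source, 3 = cannot hash artifact, 4 = vetting not passed.
safe_install() {
  src=$1
  mode=${2:-}
  kind=$(classify_source "$src") || { echo "REFUSED: unsupported source: $src" >&2; return 2; }
  if [ "$kind" != local ]; then
    echo "REFUSED: clone $src, pin it to a commit, and vet the local checkout instead" >&2
    return 2
  fi
  digest=$(artifact_digest "$src") || { echo "REFUSED: cannot hash $src" >&2; return 3; }
  echo "provenance: kind=$kind path=$src sha256=$digest"
  if ! run_vetter "$src"; then
    echo "BLOCKED: vetting did not return an unambiguous pass; nothing installed" >&2
    return 4
  fi
  skill_name=$(basename "$src")
  if [ "$mode" = --dry-run ]; then
    echo "DRY RUN: would execute: clawhub install $skill_name"
    return 0
  fi
  echo "executing: clawhub install $skill_name"
  clawhub install "$skill_name"
}

# Stand-alone usage: ./hardened-install.sh /path/to/skill [--dry-run]
case "${1:-}" in "") ;; *) safe_install "$@" ;; esac
```

Two design points worth copying into a real fix: the GitHub branch is refused rather than silently fetched, so every vetted artifact is a local directory whose digest can be recorded and re-checked at install time, and a vetter that prints a pass but exits non-zero is still treated as a block, because a partially completed review is not a review.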
If used, search requests and an API key are sent to Composio; there is no artifact evidence of credential theft, but the key grants access to the user's Composio account, so its exposure matters.
The documentation includes optional use of a Composio API key for search. This is purpose-aligned, but it is still an external credential the user should handle carefully.
curl -X POST "$COMPOSIO_BASE/tools/execute/COMPOSIO_SEARCH_TOOLS" \
  -H "x-api-key: $COMPOSIO_API_KEY"
Only set the Composio API key if you intend to use that provider, keep it out of logs, and use the least-privileged key available.
Running the script lets it drive the installation workflow in the local environment.
The documented workflow asks the user to run a local shell script. This is expected for an install manager, and no automatic execution is shown.
cd ~/.openclaw/workspace/skills/skill-install-manager-1.0.0
./scripts/safe-install.sh "<skill-name>"
Review the script first and run it only when you are comfortable with its behavior; treat it as a dry-run/mock unless corrected.
