Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

toolchain-bootstrap

v1.0.0

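OpenClaw toolchain bootstrapper for initializing new containers. Automatically downloads toolchain_v2.tar.gz from GitHub, extracts it to /workspace, configures the PATH environment variable, and verifies all installed languages/tools. Use case: after a new container starts, complete the entire development environment setup with a single command.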


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for turinfohlen/toolchain-bootstrap.

Install the skill "toolchain-bootstrap" (turinfohlen/toolchain-bootstrap) from ClawHub.
Skill page: https://clawhub.ai/turinfohlen/toolchain-bootstrap
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install turinfohlen/toolchain-bootstrap

ClawHub CLI


npx clawhub@latest install toolchain-bootstrap

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (high confidence)

Purpose & Capability
Name/description, skill.toml invocation, SKILL.md and the two scripts all consistently implement a toolchain bootstrapper that downloads a release tarball, extracts it to /workspace, writes environment variables, and verifies installed tools. Requested resources and actions align with the stated purpose; no unrelated credentials or services are requested.
Instruction Scope
The runtime instructions and scripts download a large archive from GitHub and extract it into /workspace, then write environment variables to /workspace/.toolchain_env and append to ~/.bashrc if writable. The scripts do not perform integrity checks (no checksum or signature verification) and will place binaries/libraries on disk that could be executed later. While this behavior is coherent for a bootstrapper, lack of artifact verification and the persistence of shell changes are notable risks.
Install Mechanism
There is no formal install spec; the scripts perform a network download from a GitHub releases URL (a well-known host) and extract the archive. Download-from-GitHub + extract is expected for this use case, but extraction of an unverified 590MB archive is a moderate-to-high risk because arbitrary binaries/libraries are written to the container filesystem.
Credentials
The skill requests no secrets or external credentials. It does modify shell configuration by writing environment variables to /workspace/.toolchain_env and appending an env block to ~/.bashrc (if writable) which is appropriate for a toolchain installer but should be made explicit to users. It uses common system utilities (curl, tar, grep, awk) present in typical containers; these binaries are not declared but are standard.
Persistence & Privilege
The skill does persist environment changes (writes /workspace/.toolchain_env and appends to ~/.bashrc). always is false and it does not modify other skills or platform-wide settings. Persistence is expected for this skill, but users should be aware it changes their shell startup files.
Assessment
This skill appears to do what it says (download and install a toolchain into /workspace and configure PATH), but exercise caution before running setup in a sensitive environment:

1) The script downloads and extracts a large tarball from a third-party GitHub release and does not verify checksums or signatures — inspect the release and repository first.
2) The tarball will place binaries/libraries on disk; run the install only in a disposable or isolated container if you do not fully trust the author.
3) The installer will append environment variables to ~/.bashrc (persistence). If you want to minimize risk, run the 'verify' or 'list' commands (which do not download) first, or manually download and inspect the tarball (e.g., list its contents and scan for unexpected executables) before extracting.
4) Prefer running the setup after confirming the GitHub repo owner and release integrity (checksum/GPG) or adding an explicit verification step.

Like a lobster shell, security has layers — review code before you run it.

latest: vk972m61vkww3ft8958ye7gjb5985723c
97 downloads, 1 star, 1 version
Updated 1w ago
v1.0.0
MIT-0

toolchain-bootstrap

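New container initialization: all development language environments set up in 5 minutes

Usage

# Full initialization (new container)
openclaw skill run toolchain-bootstrap setup

# Verify the current environment only
openclaw skill run toolchain-bootstrap verify

# List installed tools
openclaw skill run toolchain-bootstrap list

Verified tools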

| Tool | Path | Version command |
|---|---|---|
| Go | /workspace/toolchain/go/bin/go | go version |
| Java (OpenJDK) | /workspace/toolchain/jdk-21.0.10+7/bin/java | java -version |
| Maven | /workspace/toolchain/apache-maven-3.9.6/bin/mvn | mvn -version |
| Erlang | /workspace/toolchain/erlang/bin/erl | erl -eval '...' -noshell |
| Elixir | /workspace/toolchain/elixir/bin/elixir | elixir --version |
| Rust | /workspace/toolchain/rust/rustup/toolchains/*/bin/rustc | rustc --version |
| Ruby | /workspace/toolchain/ruby/bin/ruby | ruby --version |
| Lua | /workspace/toolchain/lua/bin/lua | lua -v |
| Node.js | /usr/local/bin/node | node --version |
| Python | /usr/bin/python3 | python3 --version |

Environment variables

Automatically written to ~/.bashrc

export TOOLCHAIN=/workspace/toolchain
export PATH=/workspace/toolchain/go/bin:$PATH
export JAVA_HOME=/workspace/toolchain/jdk-21.0.10+7
export RUSTUP_HOME=/workspace/toolchain/rust
export CARGO_HOME=/workspace/toolchain/rust/.cargo

  • Download package: https://github.com/TurinFohlen/openclaw-toolchain/releases/download/v2.0/toolchain_v2.tar.gz
  • scripts/bootstrap.sh: main bootstrap script
  • scripts/setup-env.sh: environment variable configuration
  • references/env-template.txt: PATH template reference
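
The scan above notes that the archive is extracted without a checksum or content inspection. The following is an added example, not part of the skill's scripts, of gating extraction on a pinned SHA-256 and a listing audit. The function names are hypothetical, the expected checksum is a placeholder because the page publishes none, and GNU tar plus coreutils sha256sum are assumed.

```shell
#!/bin/sh
# Added example: gate extraction of a downloaded toolchain archive on a pinned
# SHA-256 and a listing audit. Function names are hypothetical; assumes GNU tar
# and coreutils sha256sum.

# Return 0 only when the file's SHA-256 equals the pinned value.
verify_sha256() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Read member names on stdin; print those that are absolute or contain a
# ".." path component (either could write outside the destination).
unsafe_names() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# Print verbose listing lines for members carrying setuid/setgid bits.
setid_members() {
    tar -tvzf "$1" | awk '$1 ~ /[sS]/'
}

# Return 0 when the listing shows no unsafe names and no setuid/setgid members.
audit_archive() {
    names=$(tar -tzf "$1" | unsafe_names)
    setid=$(setid_members "$1")
    if [ -z "$names" ] && [ -z "$setid" ]; then return 0; fi
    printf 'unsafe names:\n%s\nsetuid/setgid members:\n%s\n' "$names" "$setid" >&2
    return 1
}

# verified_extract ARCHIVE EXPECTED_SHA256 DEST
# Extracts only after both checks pass; extracted files take the invoking
# user's ownership and umask rather than the values stored in the archive.
verified_extract() {
    verify_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    audit_archive "$1" || return 1
    mkdir -p "$3" && tar -xzf "$1" -C "$3" --no-same-owner --no-same-permissions
}

# Usage (placeholder checksum; the page publishes none):
#   verified_extract toolchain_v2.tar.gz "<EXPECTED_SHA256_FROM_PUBLISHER>" /workspace
```

A checksum only helps if it is obtained out of band from the download itself, for example from a signed release note or a value pinned in the caller's own configuration.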
