skill-safe-install
Safe installation tool for Skills: combines three layers of verification, Vetter code review + ClawHub scoring + ThreatBook sandbox scanning
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/chj0w0/skill-safe-install
What This Skill Does
skill-safe-install is an essential security orchestration tool for the OpenClaw ecosystem. It acts as a mandatory gatekeeper for all skill installations, ensuring that no malicious or unverified code enters your workspace. It integrates three independent security layers: Skill-Vetter (Static Code Analysis), ClawHub (Community Reputation Scoring), and ThreatBook (Dynamic Sandbox Scanning). By automating this verification workflow, the agent prevents potential supply-chain attacks while maintaining efficiency.
Installation
To install this skill, run the following command in your OpenClaw terminal:
clawhub install openclaw/skills/skills/chj0w0/skill-safe-install
After installation, ensure you configure your API credentials:
- Obtain a ThreatBook API key from s.threatbook.com.
- Append the key to your configuration:
echo 'THREATBOOK_API_KEY=your_api_key_here' >> ~/.openclaw/.env
Use Cases
- Production Environments: Ideal for users who install various community-contributed skills and need to guarantee system integrity.
- Open-Source Auditing: Developers who want to preview and vet foreign code before it interacts with their local files or system processes.
- Automated Security Pipelines: Integrate this into your agent workflows to ensure every component added to the environment is validated against professional threat intelligence databases.
Example Prompts
- "Safe-install the 'file-summarizer' skill from ClawHub and let me know if it passes the security checks."
- "Could you install the latest developer-toolkit using the safe-install flow? Please report the ThreatBook status to me before executing."
- "Is it safe to add the 'image-optimizer' skill? Run the automated security verification and confirm with me if it's clear."
Tips & Limitations
- Mandatory Confirmation: In scenarios where the skill receives a 'suspicious' or 'low-score' rating, the process will halt and request your explicit approval. Do not bypass these warnings unless you have manually reviewed the source code.
- API Availability: If the ThreatBook API is unreachable, the system defaults to a 'request confirmation' state. Ensure your environment has stable network access to avoid installation interruptions.
- False Positives: Occasionally, legitimate tools might be flagged as 'suspicious' due to their nature (e.g., system monitoring tools). Always review the Vetter analysis logs if a high-quality skill is flagged.
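The confirmation behaviour described in these tips, sketched as fail-closed decision logic. This is an added example, not code from skill-safe-install; the verdict strings, the score threshold and the `gate` function are assumptions, since the page does not document the output format of any layer.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed values: the page names the three layers but not their output
# formats or thresholds, so these are placeholders for illustration.
MIN_CLAWHUB_SCORE = 70   # hypothetical "low-score" cut-off
CLEAN = "clean"          # hypothetical verdict string for a passing check


@dataclass
class LayerResults:
    vetter: Optional[str]         # static review verdict, None if it did not run
    clawhub_score: Optional[int]  # reputation score, None if missing
    threatbook: Optional[str]     # sandbox verdict, None if the API was unreachable


def gate(r: LayerResults) -> tuple[str, list[str]]:
    """Return ("install" | "confirm", reasons).

    Fail closed: anything that is not positively clear, including a missing
    or unrecognised result, stops the install and asks the user to confirm.
    """
    reasons = []
    if r.vetter is None:
        reasons.append("vetter: no result")
    elif r.vetter != CLEAN:
        reasons.append(f"vetter: {r.vetter!r}")
    if r.clawhub_score is None:
        reasons.append("clawhub: no score")
    elif r.clawhub_score < MIN_CLAWHUB_SCORE:
        reasons.append(f"clawhub: low score {r.clawhub_score}")
    if r.threatbook is None:
        reasons.append("threatbook: API unreachable")
    elif r.threatbook != CLEAN:
        reasons.append(f"threatbook: {r.threatbook!r}")
    return ("confirm" if reasons else "install", reasons)


# Constructed sample results, not output from the real tools.
SAMPLES = {
    "all clear": LayerResults("clean", 92, "clean"),
    "sandbox flagged": LayerResults("clean", 92, "suspicious"),
    "low reputation": LayerResults("clean", 35, "clean"),
    "API down": LayerResults("clean", 92, None),
    "unknown verdict": LayerResults("clean", 92, "CLEAN "),
}

if __name__ == "__main__":
    for name, res in SAMPLES.items():
        decision, why = gate(res)
        print(f"{name:16} -> {decision:8} {'; '.join(why)}")
```

The last sample shows why the comparison is an exact match against the passing value rather than a check for known-bad strings: a verdict the gate does not recognise is treated like a flag, not like a pass.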
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-chj0w0-skill-safe-install": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Flags: file-read, file-write, external-api, code-execution