Safe Install - Secure Skill Installer
LiveInstall OpenClaw Skills with built-in security checks
SecurityOpenClawCLI
Safe Install - Secure Skill Installer
A safer way to install OpenClaw Skills.
Why Safe Install?
The default clawhub install trusts all Skills equally. Safe Install adds a security layer:
# Instead of this:
clawhub install some-skill
# Do this:
npx safe-install some-skill
How It Works
- Download - Fetch Skill from ClawHub
- Scan - Run security analysis (via Skill Sentinel / ClawShield)
- Decide - Based on risk level:
- 🟢 Safe → Install immediately
- 🟡 Caution → Show warning, ask confirmation
- 🔴 Avoid → Block installation (require
--force)
- Fingerprint - Save installation record for audit
Policy Configuration
{
"defaultAction": "prompt",
"blockedPatterns": ["curl|sh", "eval("],
"allowedSources": ["verified-authors"],
"requireSignature": false
}
Installation Fingerprint
Every installation gets a unique fingerprint:
Install: some-skill@v1.2.3
Hash: a1b2c3d4...
Risk: Safe
Time: 2026-02-23T10:00:00Z
Policy: default
Rollback
# See installation history
safe-install history
# Rollback to previous version
safe-install rollback some-skill
信任层·社区画像
Trust Layer
Data handling is explicit
Open and auditable workflow
Runtime boundaries are transparent
Risk Note
Third-party skills may include hidden network calls or unsafe install scripts. Scan before use.