🔐 Safe Install — 安全安装
v1.0.1通过策略校验、ClawShield扫描、快照存储与回滚控制,安全安装OpenClaw技能,确保环境稳定可回溯。
0· 432·4 当前·4 累计
by @mike007jd下载技能包
最后更新
2026/3/27
安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This tool is coherent with its stated purpose, but before installing: (1) review the policy file you will use (allowedSources, blockedPatterns, and registry mappings) so the tool doesn't allow unexpected local paths; (2) inspect or vet the @mike007jd/openclaw-clawshield dependency (it performs scanning and could perform network I/O); (3) confirm the store directory (.openclaw-tools/safe-install) is an acceptable location for snapshots and history and contains no sensitive files you don't want pr...详细分析 ▾
✓ 用途与能力
Name, description, CLI usage, and source code align: the tool performs local-path resolution, policy validation, a ClawShield scan, decisioning (Safe/Caution/Avoid), and snapshot/history storage. The sole required binary is node which is appropriate. The fixtures (including one with a curl | sh payload) are test cases used to demonstrate blocking behavior and are consistent with the installer's purpose.
✓ 指令范围
SKILL.md instructs running the included CLI against local paths and a local policy file and shows storing snapshots under .openclaw-tools — all within the declared scope. The runtime code reads policy and store files under .openclaw-tools by default and resolves local directories or registry aliases from the policy. There are no instructions that attempt to read unrelated system secrets or transmit data to unexpected endpoints in the provided content.
ℹ 安装机制
There is no external install spec (the package is distributed as code files and a bin script), which is low risk. The code depends on an external package (@mike007jd/openclaw-clawshield) for scanning; that dependency is expected but is the primary external piece to review because it could perform network activity or other scanning behaviour. No downloads or URL-based installs are performed by this code itself.
✓ 凭证需求
The skill declares no required environment variables or credentials and the code does not read secrets or external credentials in the visible portions. Access to filesystem paths is scoped to local skill sources and the .openclaw-tools store, which is appropriate for a local installer.
✓ 持久化与权限
The skill does not request always:true and defaults to normal invocation rules. It writes snapshots, state.json, and history.json under a local store directory (.openclaw-tools/safe-install) which is expected for this tool and does not appear to modify other skills or global agent settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/2/26
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install safe-install
镜像加速npx clawhub@latest install safe-install --registry https://cn.longxiaskill.com