safe-install

Install OpenClaw skills through policy validation, ClawShield scanning, snapshot storage, and rollback controls.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "safe-install" with this command: npx skills add mike007jd/safe-install

Safe Install

Add a local security review layer in front of skill installation.

When to use

  • You want policy-driven review before activating a local skill.
  • You need ClawShield scanning and human approval for medium or high risk findings.
  • You want rollback-ready snapshots and install history for locally managed skills.

Commands

node {baseDir}/bin/safe-install.js /path/to/skill --config ./policy.json --store ./.openclaw-tools/safe-install
node {baseDir}/bin/safe-install.js /path/to/skill --yes
node {baseDir}/bin/safe-install.js /path/to/skill --force
node {baseDir}/bin/safe-install.js history --format table
node {baseDir}/bin/safe-install.js rollback my-skill
node {baseDir}/bin/safe-install.js policy validate --file ./policy.json

Review flow

  1. Source validation: check the candidate against allowedSources.
  2. Pattern blocking: reject candidates that match a blocked regular expression.
  3. ClawShield scan: scan before install.
  4. Risk review:
    • Safe: install directly
    • Caution: require --yes or interactive approval
    • Avoid: require --force
  5. Snapshot storage: save a hashed snapshot for rollback.

Policy file

.openclaw-tools/safe-install.json:

{
  "defaultAction": "prompt",
  "blockedPatterns": ["curl\\s*\\|\\s*sh"],
  "allowedSources": ["clawhub.com", "/local/skills"],
  "forceRequiredForAvoid": true
}

  • defaultAction: allow/prompt/block
  • blockedPatterns: regular expressions that reject installation
  • allowedSources: source allowlist
  • forceRequiredForAvoid: whether Avoid requires --force
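
The review flow and the policy fields above combine into one gate decision. The Node.js code below is an added example, not code from safe-install, covering steps 1, 2 and 4 for a candidate whose scan verdict is passed in. Assumptions: the names sourceAllowed and decide are hypothetical, allowedSources entries are matched as an exact hostname or a local directory prefix, Avoid falls back to --yes when forceRequiredForAvoid is false, and defaultAction is not modeled.

```javascript
// Added example: a hypothetical gate, not the safe-install source.
const path = require("node:path");

// Constructed policy, same values as the page's sample file.
const policy = {
  defaultAction: "prompt", // not modeled below
  blockedPatterns: ["curl\\s*\\|\\s*sh"],
  allowedSources: ["clawhub.com", "/local/skills"],
  forceRequiredForAvoid: true,
};

// Assumption: an entry starting with "/" is a directory prefix for local
// skills; any other entry is an exact hostname for https:// sources.
function sourceAllowed(source, allowed) {
  if (path.isAbsolute(source)) {
    const resolved = path.resolve(source); // collapses ".." segments
    return allowed.filter((a) => a.startsWith("/")).some(
      (dir) => resolved === dir || resolved.startsWith(dir + "/"));
  }
  try {
    const url = new URL(source);
    return url.protocol === "https:" && allowed.includes(url.hostname);
  } catch {
    return false; // neither an absolute path nor a parseable URL
  }
}

// risk is the scan verdict ("Safe" | "Caution" | "Avoid"), supplied by the
// caller here instead of coming from a real ClawShield run.
function decide(policy, { source, files, risk }, flags = {}) {
  if (!sourceAllowed(source, policy.allowedSources))
    return { install: false, reason: "source-not-allowed" };
  for (const pattern of policy.blockedPatterns) {
    const re = new RegExp(pattern); // JSON "\\s" arrives here as \s
    const hit = Object.keys(files).find((name) => re.test(files[name]));
    if (hit) return { install: false, reason: `blocked-pattern:${hit}` };
  }
  if (risk === "Safe") return { install: true, reason: "safe" };
  // Assumption: with forceRequiredForAvoid off, Avoid falls back to --yes.
  const needForce = risk === "Avoid" && policy.forceRequiredForAvoid;
  if (needForce)
    return flags.force ? { install: true, reason: "forced" }
                       : { install: false, reason: "needs-force" };
  return flags.yes ? { install: true, reason: "approved" }
                   : { install: false, reason: "needs-approval" };
}
```

The sample pattern `curl\s*\|\s*sh` matches only when nothing but whitespace sits between `curl` and the pipe, so a script containing `curl <url> | sh` passes it; a pattern meant to catch that form has to allow the arguments in between.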

Storage

.openclaw-tools/safe-install/
├── snapshots/{skill}/{version}/{hash}/  # stored snapshots
├── active/{skill}/                       # current active version
├── state.json                           # active state
└── history.json                         # install history

Limits

  • Maximum file size: 100MB
  • Maximum files per skill: 10,000
  • Maximum total skill size: 500MB
  • Path traversal protection is enforced

Boundaries

  • Safe Install currently resolves local directories or registry aliases defined in policy. It is not a full remote ClawHub client.
  • This tool adds a local control layer; it does not replace OpenClaw's native skills install flow.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Related Skills

Related by shared tags or category signals.

Security

Authensor Gateway

Fail-safe policy gate for OpenClaw marketplace skills. Intercepts tool calls before execution and checks them against your Authensor policy. Low-risk actions run automatically. High-risk actions require your approval. Dangerous actions are blocked. Only action metadata is sent to the control plane — never your files, API keys, or conversation content.

Security

OpenClaw Key Management

Secure credential storage system for OpenClaw that encrypts and protects API keys, tokens, and sensitive credentials from memory file compromise.

Security

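Nova Permission System

Provides a complete permission and authentication system, including permission checks, identity management, approval workflows, and permission configuration templates, with support for multi-platform account binding and auditing.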

Security

Deepsafe Scan

Preflight security scanner for AI coding agents — scans deployment config, skills/MCP servers, memory/sessions, and AI agent config files (hooks injection) f...
