TopRank Skills


skill-safe-install

Safe installation tool for Skills: combines three layers of verification, namely Vetter code review, ClawHub score, and ThreatBook sandbox scan

Stars: 0
Installs: 0
Status: ACTIVE
Visibility: PUBLIC

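Installation

Copy the prompt below and send it to your AI assistant to complete the installation.

First check whether the SkillHub store is installed. If it is not, install the SkillHub store by following https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md, then install the skill-safe-install skill. If it is already installed, install the skill-safe-install skill directly.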

Overview

Skill Key: chj0w0/skill-safe-install
Author: chj0w0
Source Repo: openclaw/skills
Version: -
Source Path: skills/chj0w0/skill-safe-install
Latest Commit SHA: bde4dd21fb741a3c362206ff1a2bbe2e3f9621cc

Extracted Content

SKILL.md excerpt

# Skills Safe Installation Tool

Automatically runs **three layers of security checks** before any Skill is installed: **Skill-Vetter code review**, **ClawHub score check**, and **ThreatBook sandbox scan**.

## Quick Start

### 1. Configure the API Key

```bash
# Get a ThreatBook API key: https://s.threatbook.com
echo 'THREATBOOK_API_KEY=your_api_key_here' >> ~/.openclaw/.env
```

### 2. Use Safe Install

```bash
# Replaces clawhub install and runs the full set of checks automatically
node ~/.openclaw/workspace/skills/skill-safe-install/scripts/safe-install.mjs skill-name

# Or add an alias
alias clawhub-safe='node ~/.openclaw/workspace/skills/skill-safe-install/scripts/safe-install.mjs'
clawhub-safe skill-name
```

## Security Check Flow

```
┌─────────────────────────────────────────────────────────┐
│                Skills safe-install flow                 │
├─────────────────────────────────────────────────────────┤
│                                                         │
│  1️⃣  Skill-Vetter code review                           │
│      ├─ Check for red flags (malicious code patterns)   │
│      ├─ Assess source trust tier                        │
│      ├─ Extreme red flag found → ❌ block install       │
│      └─ High risk found → ❓ ask the task issuer        │
│                                                         │
│  2️⃣  ClawHub score check                                │
│      ├─ Score ≥ 3.5 → ✅ pass, continue                 │
│      └─ Score < 3.5 → ❓ ask the task issuer            │
│                                                         │
│  3️⃣  ThreatBook sandbox scan                            │
│      ├─ safe → ✅ allow install                         │
│      ├─ suspicious → ❓ ask the task issuer             │
│      ├─ malicious → ❌ block install                    │
│      └─ API failure → ❓ ask the task issuer            │
│                                                         │
│  4️⃣  Run the install                                    │
│                                                         │
└───────────────────────────...
```

README excerpt

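# 🛡️ Skills Safe Installation Tool

Automatically runs **three layers of security checks** before any Skill is installed: **Skill-Vetter code review**, **ClawHub score check**, and **ThreatBook sandbox scan**.

## Core Features

- ✅ **Automatic trigger** - Checks run automatically before installation, with no manual steps
- ✅ **Three-layer verification** - Vetter code review + ClawHub score + ThreatBook sandbox scan
- ✅ **Red-flag detection** - Recognizes 25+ malicious code patterns (extreme/high/medium/low risk)
- ✅ **Smart decisions** - Decides automatically from a decision matrix, or asks the task issuer
- ✅ **Complete flow** - All check steps integrated into a single tool
- ✅ **Detailed reports** - Clear check results and the basis for each verdict

## Installation and Configuration

### 1. Get a ThreatBook API Key

Visit the [ThreatBook Cloud Sandbox](https://s.threatbook.com) to register an account and obtain an API key.

### 2. Configure the Environment Variable

```bash
# Add to ~/.openclaw/.env
echo 'THREATBOOK_API_KEY=your_api_key_here' >> ~/.openclaw/.env
```

### 3. Add a Shell Alias (Recommended)

```bash
# Add to ~/.bashrc
alias clawhub-safe='node ~/.openclaw/workspace/skills/skill-safe-install/scripts/safe-install.mjs'

# Make the alias take effect
source ~/.bashrc
```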

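## Usage

### Basic Usage

```bash
# Using the script path
node ~/.openclaw/workspace/skills/skill-safe-install/scripts/safe-install.mjs tavily-search

# Using the alias (once configured)
clawhub-safe tavily-search
```

### Options

| Option | Description |
|-----|------|
| `--auto`, `--yes`, `-y` | Auto mode (automatically asks the task issuer when confirmation is needed) |
| `--force` | Force installation (skips suspicious warnings) |
| `--no-vetter` | Skip the Vetter code review (not recommended) |
| `--no-scan` | Skip the sandbox scan (not recommended) |
| `--dry-run` | Check only, do not actually install |
| `--timeout=<seconds>` | Sandbox scan timeout (default 120 seconds) |
| `--help` | Show help |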

### Examples

```bash
# Standard install (three-layer check)
clawhub-safe tavily-search

# Auto mode (asks automatically when confirmation is needed)
clawhub-safe some-skill --auto

# Check only, do not install
clawhub-safe some-skill --dry-run

# Force install (skips warnings)
clawhub-safe risky-skill --force

# Skip Vetter (not recommended)
clawhub-safe trusted-skill --no-vetter

# Extend the timeout
clawhub-safe large-skill --timeout=180
```
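
The allow / ask / block outcomes of the three checks in the flow diagram can be modelled as a small decision function. This is an added example, not the project's `safe-install.mjs`; the function names, the input field names, and the handling of cases the page does not specify (medium/low findings, a missing score, an unrecognised verdict, continuing after an "ask") are assumptions.

```javascript
// Added example: models the decision flow from the diagram; not the project's code.
const MIN_SCORE = 3.5; // threshold taken from the flow diagram

// Each check returns { action: 'allow' | 'ask' | 'block', reason }.
function checkVetter(level) {
  // level: highest red-flag severity found, or null when none was found.
  if (level === 'extreme') return { action: 'block', reason: 'vetter: extreme red flag' };
  if (level === 'high') return { action: 'ask', reason: 'vetter: high-risk finding' };
  // Assumption: medium/low findings pass; the page states no outcome for them.
  return { action: 'allow', reason: `vetter: ${level ?? 'no'} findings` };
}

function checkScore(score) {
  // Assumption: a missing or non-numeric score is treated like a low one.
  if (typeof score !== 'number' || Number.isNaN(score) || score < MIN_SCORE) {
    return { action: 'ask', reason: `score: ${score} does not meet ${MIN_SCORE}` };
  }
  return { action: 'allow', reason: `score: ${score}` };
}

function checkSandbox(verdict) {
  if (verdict === 'safe') return { action: 'allow', reason: 'sandbox: safe' };
  if (verdict === 'malicious') return { action: 'block', reason: 'sandbox: malicious' };
  if (verdict === 'suspicious') return { action: 'ask', reason: 'sandbox: suspicious' };
  // API failure (null) or an unrecognised verdict never counts as a pass.
  return { action: 'ask', reason: 'sandbox: no usable verdict' };
}

function decideInstall({ vetterLevel, score, sandboxVerdict }) {
  const steps = [
    () => checkVetter(vetterLevel),
    () => checkScore(score),
    () => checkSandbox(sandboxVerdict),
  ];
  const reasons = [];
  let action = 'allow';
  for (const step of steps) {
    const result = step();
    reasons.push(result.reason);
    if (result.action === 'block') return { action: 'block', reasons }; // stop at first block
    if (result.action === 'ask') action = 'ask'; // assumption: later checks still run
  }
  return { action, reasons };
}
```

A sandbox API failure resolves to "ask" rather than "allow", so an unreachable scanner cannot silently turn into a pass.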

## Security Check Flow

```
┌─────────────────────────────────────────────────────────┐
│                Skills safe-install flow...
```
