Manage Skills Supply Chain and Install Only Officially Maintained Built-in Skills
Install only officially maintained built-in skills. Review SKILL.md and the code logic before installation.
Official Source |
How to Obtain |
Description |
|---|---|---|
ClawHub official repository |
https://clawhub.ai/ |
It is the only official skill marketplace; all third-party mirror sites are unauthorized. |
Built-in skills |
Built into OpenClaw |
No installation; available out of the box. |
Official GitHub organization |
github.com/openclaw |
Officially maintained skill repository. |
Exercise extreme caution with skills involving curl, wget, network requests, or command execution. For sensitive tasks, you are advised to develop skills locally to maintain code sovereignty.
Category |
Malicious Behavior |
Spoofing Name |
|---|---|---|
Credential theft |
Reads and exfiltrates ~/.ssh, ~/.aws, browser password, and API key. |
"ssh-manager", "aws-helper", and "key-manager" |
File deletion |
Executes rm -rf, deletes system files, and corrupts startup items. |
"cleaner", "disk-free", and "temp-clean" |
Backdoor implantation |
Creates hidden users, opens reverse shells, and installs remote control tools. |
"remote-assist" and "ssh-tunnel" |
Cryptojacking |
Silently downloads cryptocurrency mining software, heavily consuming CPU/GPU resources. |
"system-optimizer" and "cpu-boost" |
Data exfiltration |
Packages private files and uploads them to unknown domain servers. |
"backup-tool" and "sync-helper" |
AI poisoning |
Modifies SOUL.md or IDENTITY.md to alter or compromise the AI's core persona. |
"personality-enhancer" and "soul-editor" |
Privilege escalation |
Attempts sudo, privilege escalation, or modification of system configurations. |
"admin-helper" and "system-config" |
Cyberattacks |
Scans internal networks, attacks adjacent servers, or launches DDoS attacks. |
"network-scanner" and "port-check" |
Procedure
To disable third-party skills, you must implement a combination of security policies.
- Configure skills.allowBundled to ensure that only the specified built-in skills can be loaded; all other built-in skills will be ignored.
- Method 1
openclaw config set skills.allowBundled '["gog", "github", "weather", "clawhub", "healthcheck"]'
- Method 2
- Open the configuration file.
vim ~/.openclaw/openclaw.json
- Press i to enter the insert mode and configure skills.allowBundled.
{ "skills": { "allowBundled": [ "gog", "github", "weather", "clawhub", "healthcheck" ] } } - Press Esc to exit the insert mode. Type :wq! and press Enter to save the file and exit.
- Open the configuration file.
- Method 1
- Clear the external skill loading directories.
- Open the configuration file.
vim ~/.openclaw/openclaw.json
- Press i to enter the insert mode and configure skills.load.
{ "skills": { "load": { "extraDirs": [], "watch": false } } } - Press Esc to exit the insert mode. Type :wq! and press Enter to save the file and exit.
- Open the configuration file.
- Delete the existing third-party skill directories.
- Clear the local skill directory
rm -rf ~/.openclaw/skills/*
- Clear the workspace skill directory (if any).
rm -rf <workspace>/skills/*
- Clear the local skill directory