vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-03 13:22:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(security): fail closed on dangerous skill installs

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-31 23:27:10 +09:00
parent 98c0c38186
commit 0d7f1e2c84
21 changed files with 362 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/cli/plugins.md
View File

@@ -64,6 +64,11 @@ when the built-in scanner reports `critical` findings, but it does **not**
bypass plugin `before_install` hook policy blocks and does **not** bypass scan
failures.
This CLI flag applies to `openclaw plugins install`. Gateway-backed skill
dependency installs use the matching `dangerouslyForceUnsafeInstall` request
override, while `openclaw skills install` remains a separate ClawHub skill
download/install flow.
`plugins install` is also the install surface for hook packs that expose
`openclaw.hooks` in `package.json`. Use `openclaw hooks` for filtered hook
visibility and per-hook enablement, not package installation.