Use this skill when a user wants to inspect a local skill artifact before install.
The default result is an audit report, not an installation.
Workflow:
clawhub-install-gate inspect first.PASS, REVIEW, or BLOCK..clawhub/lock.json or another lockfile may change,--replace or --allow-review would be needed.BLOCK.REVIEW after explicit user approval for both the residualfindings and the active-project impact.
explicitly asks for global install.
clawhub-install-gate verify after install when requested.clawhub-install-gate usage when the user asks to track install or REVIEW override usage on this machine.Active-project decision:
NO INSTALL: BLOCK, unclear provenance, unknown destination, duplicate namewithout replace approval, global destination without explicit request, hidden
hooks, credential access, service restarts, or unreviewed scripts.
STAGE ONLY: PASS or approved REVIEW, but target runtime, duplicate-namerisk, dependency impact, or proof value is still uncertain.
INSTALL: PASS, destination is explicit, no duplicate-name surprise, impactis understood, and the user asked to install.
Review policy:
BLOCK covers private-data transmission, secret-store probing, broad security weakening, denial circumvention, and destructive actions.--allow-review or --replace as implied by the user's earlierapproval. Confirm those flags for the specific artifact and destination.
共 1 个版本