fix: harden github-backed skill installs

Patrick-Erichsen · Patrick-Erichsen · commit 231d0010c300 · 2026-06-04T17:00:06.000-07:00
diff --git a/src/agents/templates/HEARTBEAT.md b/src/agents/templates/HEARTBEAT.md
@@ -1,5 +1,5 @@
-<!-- Heartbeat template; comments-only content prevents scheduled heartbeat API calls. -->
+# HEARTBEAT.md
 
-# Keep this file empty (or with only comments) to skip heartbeat API calls.
+# Keep this file empty to skip heartbeat API calls.
 
 # Add tasks below when you want the agent to check something periodically.
diff --git a/src/agents/tools/pdf-tool.model-config.test.ts b/src/agents/tools/pdf-tool.model-config.test.ts
@@ -180,7 +180,7 @@ describe("resolvePdfModelConfigForTool", () => {
     } as OpenClawConfig;
 
     expect(resolvePdfModelConfigForTool({ cfg, agentDir: TEST_AGENT_DIR })).toEqual({
-      primary: "openai/gpt-5.4-mini",
+      primary: "openai/gpt-5.5",
       fallbacks: ["minimax/MiniMax-M2.7", "minimax-portal/MiniMax-M2.7"],
     });
   });
diff --git a/src/cli/skills-cli.clawhub-install.e2e.test.ts b/src/cli/skills-cli.clawhub-install.e2e.test.ts
@@ -1,6 +1,6 @@
 import { spawn } from "node:child_process";
 import fs from "node:fs/promises";
-import { createServer, type IncomingMessage } from "node:http";
+import { createServer, type IncomingMessage, type ServerResponse } from "node:http";
 import type { AddressInfo } from "node:net";
 import os from "node:os";
 import path from "node:path";
@@ -40,7 +40,7 @@ async function spawnOpenClaw(
   });
 }
 
-async function buildGitHubSkillZip(commit: string): Promise<Buffer> {
+async function buildGitHubSkillZip(): Promise<Buffer> {
   const zip = new JSZip();
   zip.file("skills-main/skills/aiq-deploy/SKILL.md", "# AIQ Deploy\n");
   zip.file("skills-main/skills/aiq-deploy/skill-card.md", "# Card\n");
@@ -53,8 +53,8 @@ describe("openclaw skills install ClawHub GitHub-backed E2E", () => {
     const commit = "c".repeat(40);
     const telemetryBodies: unknown[] = [];
     const requestLog: string[] = [];
-    const githubZipBytes = await buildGitHubSkillZip(commit);
-    const server = createServer(async (req, res) => {
+    const githubZipBytes = await buildGitHubSkillZip();
+    async function handleRequest(req: IncomingMessage, res: ServerResponse): Promise<void> {
       const url = new URL(req.url ?? "/", "http://127.0.0.1");
       requestLog.push(`${req.method ?? "GET"} ${url.pathname}`);
 
@@ -92,8 +92,18 @@ describe("openclaw skills install ClawHub GitHub-backed E2E", () => {
 
       res.writeHead(404, { "Content-Type": "text/plain; charset=utf-8" });
       res.end("not found");
+    }
+    const server = createServer((req, res) => {
+      void handleRequest(req, res).catch((error: unknown) => {
+        res.writeHead(500, { "Content-Type": "text/plain; charset=utf-8" });
+        res.end(error instanceof Error ? error.message : String(error));
+      });
+    });
+    await new Promise<void>((resolve) => {
+      server.listen(0, "127.0.0.1", () => {
+        resolve();
+      });
     });
-    await new Promise<void>((resolve) => server.listen(0, "127.0.0.1", resolve));
 
     const registry = `http://127.0.0.1:${(server.address() as AddressInfo).port}`;
     const stateDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-clawhub-cli-e2e-"));
@@ -134,7 +144,11 @@ describe("openclaw skills install ClawHub GitHub-backed E2E", () => {
         ],
       });
     } finally {
-      await new Promise<void>((resolve) => server.close(() => resolve()));
+      await new Promise<void>((resolve) => {
+        server.close(() => {
+          resolve();
+        });
+      });
       await fs.rm(stateDir, { recursive: true, force: true });
     }
   }, 30_000);
diff --git a/src/crestodian/rescue-message.test.ts b/src/crestodian/rescue-message.test.ts
@@ -1,7 +1,7 @@
 import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
-import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
+import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
 import type { CommandContext } from "../auto-reply/reply/commands-types.js";
 import type { OpenClawConfig } from "../config/types.openclaw.js";
 import type { RuntimeEnv } from "../runtime.js";
diff --git a/src/infra/clawhub.test.ts b/src/infra/clawhub.test.ts
@@ -8,6 +8,7 @@ import { withTempDir } from "../test-helpers/temp-dir.js";
 import {
   downloadClawHubPackageArchive,
   downloadClawHubSkillArchive,
+  downloadClawHubSkillArchiveUrl,
   fetchClawHubSkillCard,
   fetchClawHubSkillSecurityVerdicts,
   fetchClawHubPackageArtifact,
@@ -855,4 +856,33 @@ describe("clawhub helpers", () => {
       await expectPathMissing(archiveDir);
     }
   });
+
+  it("does not send ambient ClawHub auth tokens to off-registry resolver archive URLs", async () => {
+    process.env.OPENCLAW_CLAWHUB_TOKEN = "env-token-123";
+    let requestedUrl = "";
+    let requestedInit: RequestInit | undefined;
+
+    const archive = await downloadClawHubSkillArchiveUrl({
+      baseUrl: "https://clawhub.ai",
+      url: "https://codeload.github.com/NVIDIA/skills/zip/abcdef",
+      fetchImpl: async (input, init) => {
+        requestedUrl = input instanceof Request ? input.url : String(input);
+        requestedInit = init;
+        return new Response(new Uint8Array([7, 8, 9]), {
+          status: 200,
+          headers: { "content-type": "application/zip" },
+        });
+      },
+    });
+
+    try {
+      expect(requestedUrl).toBe("https://codeload.github.com/NVIDIA/skills/zip/abcdef");
+      expect(new Headers(requestedInit?.headers).get("Authorization")).toBeNull();
+      await expect(fs.readFile(archive.archivePath)).resolves.toEqual(Buffer.from([7, 8, 9]));
+    } finally {
+      const archiveDir = path.dirname(archive.archivePath);
+      await archive.cleanup();
+      await expectPathMissing(archiveDir);
+    }
+  });
 });
diff --git a/src/infra/clawhub.ts b/src/infra/clawhub.ts
@@ -1364,12 +1364,17 @@ export async function downloadClawHubSkillArchiveUrl(params: {
   timeoutMs?: number;
   fetchImpl?: FetchLike;
 }): Promise<ClawHubDownloadResult> {
+  const explicitToken = normalizeOptionalString(params.token);
+  const requestUrl = new URL(params.url, `${normalizeBaseUrl(params.baseUrl)}/`);
+  const registryOrigin = new URL(`${normalizeBaseUrl(params.baseUrl)}/`).origin;
+  const skipAuth = explicitToken == null && requestUrl.origin !== registryOrigin;
   const { response, url, hasToken } = await clawhubRequest({
     baseUrl: params.baseUrl,
     url: params.url,
-    token: params.token,
+    token: explicitToken,
     timeoutMs: params.timeoutMs,
     fetchImpl: params.fetchImpl,
+    skipAuth,
   });
   if (!response.ok) {
     throw await buildClawHubError(response, url, hasToken);
diff --git a/src/skills/lifecycle/clawhub.ts b/src/skills/lifecycle/clawhub.ts
@@ -892,9 +892,7 @@ async function performClawHubSkillInstall(
     let version!: string;
     let detail: ClawHubSkillDetail | undefined;
     let latestResolution: Extract<ClawHubSkillInstallResolutionResponse, { ok: true }> | undefined;
-    let install:
-      | Awaited<ReturnType<typeof installArchiveResolution>>
-      | Awaited<ReturnType<typeof installGitHubResolution>>;
+    let install: Awaited<ReturnType<typeof installArchiveResolution>>;
 
     const archive = params.version
       ? await (async () => {
diff --git a/src/tasks/task-flow-registry.store.test.ts b/src/tasks/task-flow-registry.store.test.ts
@@ -150,7 +150,7 @@ describe("task-flow-registry store runtime", () => {
   });
 
   it("rejects corrupt persisted flow rows during sqlite restore", async () => {
-    await withFlowRegistryTempDir(async (root) => {
+    await withFlowRegistryTempDir(async () => {
       resetTaskFlowRegistryForTests();
 
       const created = createManagedTaskFlow({
@@ -174,7 +174,7 @@ describe("task-flow-registry store runtime", () => {
   });
 
   it("drops invalid requester origins during sqlite restore", async () => {
-    await withFlowRegistryTempDir(async (root) => {
+    await withFlowRegistryTempDir(async () => {
       resetTaskFlowRegistryForTests();
 
       const created = createManagedTaskFlow({
@@ -203,7 +203,7 @@ describe("task-flow-registry store runtime", () => {
   });
 
   it("restores persisted wait-state, revision, and cancel intent from sqlite", async () => {
-    await withFlowRegistryTempDir(async (root) => {
+    await withFlowRegistryTempDir(async () => {
       resetTaskFlowRegistryForTests();
 
       const created = createManagedTaskFlow({
@@ -248,7 +248,7 @@ describe("task-flow-registry store runtime", () => {
   });
 
   it("round-trips explicit json null through sqlite", async () => {
-    await withFlowRegistryTempDir(async (root) => {
+    await withFlowRegistryTempDir(async () => {
       resetTaskFlowRegistryForTests();
 
       const created = createManagedTaskFlow({
@@ -269,7 +269,7 @@ describe("task-flow-registry store runtime", () => {
   });
 
   it("prunes large sqlite snapshots without binding every flow id at once", async () => {
-    await withFlowRegistryTempDir(async (root) => {
+    await withFlowRegistryTempDir(async () => {
       resetTaskFlowRegistryForTests();
 
       const flows = new Map<string, TaskFlowRecord>();
@@ -299,7 +299,7 @@ describe("task-flow-registry store runtime", () => {
     if (process.platform === "win32") {
       return;
     }
-    await withFlowRegistryTempDir(async (root) => {
+    await withFlowRegistryTempDir(async () => {
       resetTaskFlowRegistryForTests();
 
       createManagedTaskFlow({
