
feat: support git and local skill installs #84793

Merged: Patrick-Erichsen merged 1 commit into main from pe/skills-install-sources on May 21, 2026

@Patrick-Erichsen

Contributor

Summary

  • add openclaw skills install git:owner/repo[@ref] and local directory source installs
  • infer source install slugs from SKILL.md frontmatter, with --as overrides and ClawHub-only --version
  • keep non-ClawHub source installs out of ClawHub update tracking and document the new install forms

Verification

  • node scripts/run-vitest.mjs src/cli/skills-cli.commands.test.ts src/agents/skills-source-install.test.ts src/plugins/git-install.test.ts src/process/exec.test.ts
  • pnpm exec oxfmt --check --threads=1 src/plugins/git-install.ts src/plugins/git-install.test.ts src/agents/skills-source-install.test.ts
  • pnpm exec oxfmt --check --threads=1 docs/tools/skills.md docs/cli/skills.md
  • pnpm docs:list
  • git diff --check
  • AUTOREVIEW_AUTO_TESTS=0 .agents/skills/autoreview/scripts/autoreview --parallel-tests "node scripts/run-vitest.mjs src/cli/skills-cli.commands.test.ts src/agents/skills-source-install.test.ts src/plugins/git-install.test.ts src/process/exec.test.ts"

Real Behavior Proof

Behavior addressed: openclaw skills install can install from ClawHub slugs, git: specs, and local skill directories while keeping ClawHub update behavior scoped to ClawHub-tracked installs.

Real environment tested: local Codex worktree on macOS using focused Vitest coverage and the repo autoreview helper.

Exact steps or command run after this patch: node scripts/run-vitest.mjs src/cli/skills-cli.commands.test.ts src/agents/skills-source-install.test.ts src/plugins/git-install.test.ts src/process/exec.test.ts.

Evidence after fix: focused tests passed with 5 files and 70 tests, including local directory installs, git installs, slash-containing refs, authenticated URL parsing, stale ClawHub metadata cleanup, and ClawHub route preservation.

Observed result after fix: final autoreview reported autoreview clean: no accepted/actionable findings reported.

What was not tested: live network install from a remote GitHub repository was not run; git behavior is covered with local git repositories and parser tests.

@openclaw-barnacle openclaw-barnacle Bot added the labels docs (Improvements or additions to documentation), cli (CLI command changes), agents (Agent runtime and tooling), size: L, and maintainer (Maintainer-authored PR) on May 21, 2026
@clawsweeper

clawsweeper Bot commented May 21, 2026

Contributor

Codex review: needs real behavior proof before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
Adds openclaw skills install support for git: and local-directory skill sources, records source-origin metadata, keeps those installs out of ClawHub updates, updates Git spec parsing, and documents the new forms.

Reproducibility: not applicable. This is a feature PR rather than a bug report. Source inspection confirms current main is ClawHub-only and the branch adds the new install route, but I did not run the CLI in this read-only review.

PR rating
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🐚 platinum hermit
Summary: The patch shape is reasonable, but contributor proof is test-only, which leaves the PR not quality-ready for merge under the real behavior proof gate.

Rank-up moves:

  • Add redacted real CLI proof for local-directory and Git skill installs after this patch.
  • Have a maintainer explicitly accept the non-ClawHub source-install boundary.

What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Needs real behavior proof before merge: The PR body lists focused Vitest/autoreview proof only; it needs redacted terminal output or media showing the real openclaw skills install behavior, and updating the PR body should trigger re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

  • The PR body provides test-only proof; no real CLI run demonstrates the new install path after the patch.
  • The feature intentionally lets user-invoked Git/local installs bypass ClawHub version and update tracking, so maintainers need to accept that source-trust boundary.
  • The protected maintainer label requires explicit maintainer handling before merge.

Maintainer options:

  1. Require real source-install proof (recommended)
    Ask for redacted terminal output, a terminal screenshot, or a short recording showing openclaw skills install from a local skill directory and a Git source after this patch.
  2. Accept the non-ClawHub trust boundary
    Maintainers can explicitly accept that Git/local installs are user-invoked, scanned locally, and excluded from ClawHub update tracking.
  3. Pause for registry-only policy
    If core skill installation should stay ClawHub-only, pause or close this direction in favor of manual skill placement or ClawHub publication.

Next step before merge
Protected maintainer handling and missing real behavior proof make this a human-review path, not a ClawSweeper repair candidate.

Security
Cleared: The diff is security-sensitive because it adds source installs, but it uses sanitized Git command execution and the existing skill install scan path; I found no concrete code-level security defect.

Review details

Best possible solution:

Keep the PR open for maintainer approval of the Git/local skill install surface, add redacted real CLI proof, and land only if maintainers accept the non-ClawHub source boundary.

Do we have a high-confidence way to reproduce the issue?

Not applicable; this is a feature PR rather than a bug report. Source inspection confirms current main is ClawHub-only and the branch adds the new install route, but I did not run the CLI in this read-only review.

Is this the best way to solve the issue?

Yes, with merge gates: reusing the existing skill installer/security scan and ClawHub untracking is the maintainable boundary. The remaining question is maintainer acceptance plus real behavior proof for the new CLI path.

Label changes:

  • add P2: This is a normal-priority user-facing CLI feature touching skills installation and docs, with limited blast radius but real review value.
  • add merge-risk: 🚨 security-boundary: Merging adds new Git/local skill source installs that bypass ClawHub registry tracking and rely on local install scanning.
  • add rating: 🧂 unranked krab: Current PR rating is 🧂 unranked krab because proof is 🧂 unranked krab, patch quality is 🐚 platinum hermit, and the patch shape is reasonable, but contributor proof is test-only, which leaves the PR not quality-ready for merge under the real behavior proof gate.
  • add status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR body lists focused Vitest/autoreview proof only; it needs redacted terminal output or media showing the real openclaw skills install behavior, and updating the PR body should trigger re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Label justifications:

  • P2: This is a normal-priority user-facing CLI feature touching skills installation and docs, with limited blast radius but real review value.
  • merge-risk: 🚨 security-boundary: Merging adds new Git/local skill source installs that bypass ClawHub registry tracking and rely on local install scanning.
  • rating: 🧂 unranked krab: Current PR rating is 🧂 unranked krab because proof is 🧂 unranked krab, patch quality is 🐚 platinum hermit, and the patch shape is reasonable, but contributor proof is test-only, which leaves the PR not quality-ready for merge under the real behavior proof gate.
  • status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR body lists focused Vitest/autoreview proof only; it needs redacted terminal output or media showing the real openclaw skills install behavior, and updating the PR body should trigger re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

What I checked:

  • Protected label: The provided GitHub context shows the PR has the protected maintainer label, so this workflow must keep it open for explicit maintainer handling.
  • Current main behavior: Current main registers openclaw skills install as a ClawHub-only install command that calls installSkillFromClawHub. (src/cli/skills-cli.ts:151, a30ac3f8d7cb)
  • PR route for new sources: The PR routes git: and path-like specs to installSkillFromSource, rejects --version for those sources, and leaves ClawHub installs on the existing path. (src/cli/skills-cli.ts:180, 64cbf37138c9)
  • Installer boundary reuse: The source installer calls installExtractedSkillRoot with scan metadata, removes stale ClawHub origin directories, writes source-origin metadata, and untracks the slug from ClawHub updates. (src/agents/skills-source-install.ts:210, 64cbf37138c9)
  • Existing skill scan path: The reused skill installer runs scanSkillInstallSource before copying an extracted skill root into the target skills directory. (src/agents/skills-archive-install.ts:157, a30ac3f8d7cb)
  • Git command environment: The PR adds baseEnv support to runCommandWithTimeout and uses it with a sanitized Git environment for clone/rev-parse/switch commands. (src/process/exec.ts:246, 64cbf37138c9)

Likely related people:

  • Peter Steinberger: Current-main blame attributes the central skills CLI, Git install parser, process exec helper, and skill install helper surfaces to the same recent commit. (role: recent area contributor; confidence: medium; commits: d1470360c420; files: src/cli/skills-cli.ts, src/plugins/git-install.ts, src/process/exec.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against a30ac3f8d7cb.
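
The review above clears the change on the basis of sanitized Git command execution, and the PR body cites tests for slash-containing refs and authenticated URL parsing. The following TypeScript is an added example, not code from this PR or from OpenClaw, showing one way to implement those checks; the function names, the accepted grammar, the GitHub default host and the https-only policy are assumptions.

```typescript
// Added example, not OpenClaw code. Names, grammar and policy are assumptions.
type GitSpec = { url: string; ref: string | null; displayUrl: string };

const SHORTHAND = /^[A-Za-z0-9_][A-Za-z0-9_.-]*\/[A-Za-z0-9_][A-Za-z0-9_.-]*$/;
// "/" is allowed so refs such as feature/x parse; a leading "-" is not.
const SAFE_REF = /^[A-Za-z0-9_][A-Za-z0-9_.\/-]*$/;

function parseGitSkillSpec(spec: string): GitSpec {
  if (spec.indexOf("git:") !== 0) throw new Error("not a git: spec");
  const body = spec.slice(4);
  // In a URL, an "@" before the path is userinfo, so look for the ref
  // separator only after the authority part.
  const scheme = body.indexOf("://");
  const pathStart = scheme < 0 ? 0 : body.indexOf("/", scheme + 3);
  const at = pathStart < 0 ? -1 : body.indexOf("@", pathStart);
  const target = at < 0 ? body : body.slice(0, at);
  const ref = at < 0 ? null : body.slice(at + 1);
  if (ref !== null && (!SAFE_REF.test(ref) || ref.indexOf("..") >= 0)) throw new Error("unsafe ref");
  let url: string;
  if (SHORTHAND.test(target)) {
    url = "https://github.com/" + target + ".git"; // assumed default host
  } else if (/^https:\/\/[^\s\/]+\/\S+$/.test(target)) {
    url = target; // assumed policy: https only, so ext::, file:// and ssh are refused
  } else {
    throw new Error("unsupported git source");
  }
  // Never log credentials embedded in the URL.
  const displayUrl = url.replace(/^(https:\/\/)[^\/@]*@/, "$1***@");
  return { url: url, ref: ref, displayUrl: displayUrl };
}

function sanitizedGitEnv(env: { [key: string]: string | undefined }): { [key: string]: string } {
  const out: { [key: string]: string } = {};
  for (const key of Object.keys(env)) {
    const value = env[key];
    // Drop inherited GIT_* (GIT_DIR, GIT_SSH_COMMAND, GIT_CONFIG_*): they redirect repo, config or helpers.
    if (value === undefined || /^GIT_/i.test(key)) continue;
    out[key] = value;
  }
  out["GIT_TERMINAL_PROMPT"] = "0"; // fail rather than prompt for credentials
  out["GIT_CONFIG_NOSYSTEM"] = "1"; // skip the system-wide gitconfig
  return out;
}

function gitCloneArgv(spec: GitSpec, dest: string): string[] {
  // "--" ends option parsing, so url and dest cannot be read as flags.
  return ["clone", "--", spec.url, dest];
}
```

Pass the argv array and the sanitized environment to a process spawner that does not go through a shell, and print only displayUrl in install logs.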

@clawsweeper clawsweeper Bot added the labels rating: 🧂 unranked krab (Not merge-ready due to missing proof or serious correctness/safety concerns.), status: 📣 needs proof (The PR needs real behavior proof before ClawSweeper can clear the contributor ask.), P2 (Normal backlog priority with limited blast radius.), and merge-risk: 🚨 security-boundary (🚨 May affect sandboxing, authorization, credentials, or sensitive data.) on May 21, 2026
@clawsweeper

clawsweeper Bot commented May 21, 2026

Contributor

ClawSweeper PR egg

🎁 Pass real behavior proof to wake the egg and unlock a hatchable treat.

Where did the egg go?
  • The egg game starts only after the PR passes the real-behavior proof check.
  • Before that, no creature or rarity is rolled. The treat waits for real proof.
  • This is still just collectible flavor: proof affects review readiness, not creature quality.

@Patrick-Erichsen Patrick-Erichsen merged commit c031274 into main May 21, 2026
163 of 172 checks passed
@Patrick-Erichsen Patrick-Erichsen deleted the pe/skills-install-sources branch May 21, 2026 04:12