LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-04-23 14:45:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(security): fail closed on dangerous skill installs

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-31 23:27:10 +09:00
parent 98c0c38186
commit 0d7f1e2c84
21 changed files with 362 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/tools/plugin.md
View File

@@ -224,6 +224,11 @@ positives from the built-in dangerous-code scanner. It allows installs to
continue past built-in `critical` findings, but it still does not bypass plugin
`before_install` policy blocks or scan-failure blocking.
This CLI flag applies to plugin installs only. Gateway-backed skill dependency
installs use the matching `dangerouslyForceUnsafeInstall` request override
instead, while `openclaw skills install` remains the separate ClawHub skill
download/install flow.
See [`openclaw plugins` CLI reference](/cli/plugins) for full details.
## Plugin API overview