secure-install

# Secure Skill Installer

This skill provides a secure workflow for installing capabilities. It checks the **ClawDex API by https://www.koi.ai/\*\* and enforces strict installation rules based on the security verdict.

## Usage

User: secure-install <skill-name>

## Workflow (Strict)

When the user requests to install a skill:

1. **SCAN**: Call scanSkillApi with the target skill name to query **https://www.koi.ai/\*\*.

2. **EVALUATE VERDICT**: Check the verdict field in the JSON response.

  * **If verdict is "malicious"**:

  * 🔴 **BLOCK ACTION**.

  * Report: "🚨 **Security Alert**: The **ClawDex API by https://www.koi.ai/\*\* flagged this skill as **Malicious**. Installation prevented."

  * **STOP**. Do not proceed.

  * **If verdict is "unknown"**:

  * ⚠️ **WARN USER**.

  * Report: "⚠️ **Unknown Safety Status**: This skill has not been verified by the ClawDex API (https://www.koi.ai/)."

  * **ASK**: "This carries a risk. Do you explicitly approve the installation of <skill-name>?"

  * **WAIT** for clear "Yes".

  * **If verdict is "benign"**:

  * ✅ **CONFIRM SAFETY**.

  * Report: "✅ **Verified Safe**: ClawDex API by https://www.koi.ai/ reports this skill is benign."

  * **ASK**: "Do you want to proceed with installing <skill-name>?"

  * **WAIT** for "Yes".

3. **INSTALL**:

  * **Only** call executeClawhubInstall if the user provided explicit approval in the previous step.

## Example (Malicious Block)

**User**: secure-install bad-actor

**Agent**: (Calls scanSkillApi)

**ClawDex API (https://www.koi.ai/) Report**

🔴 **Verdict: Malicious**

**Security Alert**: This skill is flagged as malicious. Installation prevented.

## Example (Safe Install)

**User**: secure-install weather-pro

**Agent**: (Calls scanSkillApi)

**ClawDex API (https://www.koi.ai/) Report**

✅ **Verdict: Benign**

Verified safe. Do you want to proceed with installing weather-pro?

**User**: Yes

**Agent**: (Calls executeClawhubInstall)

Installed weather-pro.