skill-install

仓库: cexll/myclaude
安装量: 141
排名: #6096

安装

npx skills add https://github.com/cexll/myclaude --skill skill-install

Skill Install Overview

Install Claude skills from GitHub repositories with built-in security scanning to protect against malicious code, backdoors, and vulnerabilities.

When to Use

Trigger this skill when the user:

Provides a GitHub repository URL and wants to install skills Asks to "install skills from GitHub" Wants to browse and select skills from a repository Needs to add new skills to their Claude environment Workflow Step 1: Parse GitHub URL

Accept a GitHub repository URL from the user. The URL should point to a repository containing a skills/ directory.

Supported URL formats:

https://github.com/user/repo https://github.com/user/repo/tree/main/skills https://github.com/user/repo/tree/branch-name/skills

Extract:

Repository owner Repository name Branch (default to main if not specified) Step 2: Fetch Skills List

Use the WebFetch tool to retrieve the skills directory listing from GitHub.

GitHub API endpoint pattern:

https://api.github.com/repos/{owner}/{repo}/contents/skills?ref={branch}

Parse the response to extract:

Skill directory names Each skill should be a subdirectory containing a SKILL.md file Step 3: Present Skills to User

Use the AskUserQuestion tool to let the user select which skills to install.

Set multiSelect: true to allow multiple selections.

Present each skill with:

Skill name (directory name) Brief description (if available from SKILL.md frontmatter) Step 4: Fetch Skill Content

For each selected skill, fetch all files in the skill directory:

Get the file tree for the skill directory Download all files (SKILL.md, scripts/, references/, assets/) Store the complete skill content for security analysis

Use WebFetch with GitHub API:

https://api.github.com/repos/{owner}/{repo}/contents/skills/{skill_name}?ref={branch}

For each file, fetch the raw content:

https://raw.githubusercontent.com/{owner}/{repo}/{branch}/skills/{skill_name}/{file_path}

Step 5: Security Scan

CRITICAL: Before installation, perform a thorough security analysis of each skill.

Read the security scan prompt template from references/security_scan_prompt.md and apply it to analyze the skill content.

Examine for:

Malicious Command Execution - eval, exec, subprocess with shell=True Backdoor Detection - obfuscated code, suspicious network requests Credential Theft - accessing ~/.ssh, ~/.aws, environment variables Unauthorized Network Access - external requests to suspicious domains File System Abuse - destructive operations, unauthorized writes Privilege Escalation - sudo attempts, system modifications Supply Chain Attacks - suspicious package installations

Output the security analysis with:

Security Status: SAFE / WARNING / DANGEROUS Risk Level: LOW / MEDIUM / HIGH / CRITICAL Detailed findings with file locations and severity Recommendation: APPROVE / APPROVE_WITH_WARNINGS / REJECT Step 6: User Decision

Based on the security scan results:

If SAFE (APPROVE):

Proceed directly to installation

If WARNING (APPROVE_WITH_WARNINGS):

Display the security warnings to the user Use AskUserQuestion to confirm: "Security warnings detected. Do you want to proceed with installation?" Options: "Yes, install anyway" / "No, skip this skill"

If DANGEROUS (REJECT):

Display the critical security issues Refuse to install Explain why the skill is dangerous Do NOT provide an option to override for CRITICAL severity issues Step 7: Install Skills

For approved skills, install to ~/.claude/skills/:

Create the skill directory: ~/.claude/skills/{skill_name}/ Write all skill files maintaining the directory structure Ensure proper file permissions (executable for scripts) Verify SKILL.md exists and has valid frontmatter

Use the Write tool to create files.

Step 8: Confirmation

After installation, provide a summary:

List of successfully installed skills List of skipped skills (if any) with reasons Location: ~/.claude/skills/ Next steps: "The skills are now available. Restart Claude or use them directly." Example Usage

User: "Install skills from https://github.com/example/claude-skills"

Assistant:

Fetches skills list from the repository Presents available skills: "skill-a", "skill-b", "skill-c" User selects "skill-a" and "skill-b" Performs security scan on each skill skill-a: SAFE - proceeds to install skill-b: WARNING (makes HTTP request) - asks user for confirmation Installs approved skills to ~/.claude/skills/ Confirms: "Successfully installed: skill-a, skill-b" Security Notes Never skip security scanning - Always analyze skills before installation Be conservative - When in doubt, flag as WARNING and let user decide Critical issues are blocking - CRITICAL severity findings cannot be overridden Transparency - Always show users what was found during security scans Sandboxing - Remind users that skills run with Claude's permissions Resources references/security_scan_prompt.md

Contains the detailed security analysis prompt template with:

Complete list of security categories to check Output format requirements Example analyses for safe, suspicious, and dangerous skills Decision criteria for APPROVE/REJECT recommendations

Load this file when performing security scans to ensure comprehensive analysis.

返回排行榜