From bea62e6dce6e5bba320a66bf51f366a8a2f274ab Mon Sep 17 00:00:00 2001 From: "openclaw-docs-sync[bot]" Date: Fri, 1 May 2026 20:59:59 +0000 Subject: [PATCH] chore(sync): mirror docs from openclaw/openclaw@257a3c068d1360874ca2099d5e503571d916f327 --- .openclaw-sync/source.json | 4 ++-- docs/gateway/security/index.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index 10c255a0b..0f9d9a580 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "112dedd0939b8a4972c49686f626124c68c36364", - "syncedAt": "2026-05-01T20:57:02.394Z" + "sha": "257a3c068d1360874ca2099d5e503571d916f327", + "syncedAt": "2026-05-01T20:58:04.963Z" } diff --git a/docs/gateway/security/index.md b/docs/gateway/security/index.md index 985113574..18b5da40f 100644 --- a/docs/gateway/security/index.md +++ b/docs/gateway/security/index.md @@ -511,7 +511,7 @@ Plugins run **in-process** with the Gateway. Treat them as trusted code: - If you install or update plugins (`openclaw plugins install `, `openclaw plugins update `), treat it like running untrusted code: - The install path is the per-plugin directory under the active plugin install root. - OpenClaw runs a built-in dangerous-code scan before install/update. `critical` findings block by default. - - OpenClaw uses `npm pack`, then runs a project-local `npm install --omit=dev --ignore-scripts` in that directory. Inherited global npm install settings are ignored so dependencies stay under the plugin install path. + - npm and git plugin installs run package-manager dependency convergence only during the explicit install/update flow. Local paths and archives are treated as self-contained plugin packages; OpenClaw copies/references them without running `npm install`. - Prefer pinned, exact versions (`@scope/pkg@1.2.3`), and inspect the unpacked code on disk before enabling. - `--dangerously-force-unsafe-install` is break-glass only for built-in scan false positives on plugin install/update flows. It does not bypass plugin `before_install` hook policy blocks and does not bypass scan failures. - Gateway-backed skill dependency installs follow the same dangerous/suspicious split: built-in `critical` findings block unless the caller explicitly sets `dangerouslyForceUnsafeInstall`, while suspicious findings still warn only. `openclaw skills install` remains the separate ClawHub skill download/install flow.