# Secure Skill Installer
This skill provides a secure workflow for installing capabilities. It checks the **ClawDex API by https://www.koi.ai/\*\* and enforces strict installation rules based on the security verdict.
## Usage
User: secure-install <skill-name>
## Workflow (Strict)
When the user requests to install a skill:
1. **SCAN**: Call scanSkillApi with the target skill name to query **https://www.koi.ai/\*\*.
2. **EVALUATE VERDICT**: Check the verdict field in the JSON response.
* **If verdict is "malicious"**:
* ๐ด **BLOCK ACTION**.
* Report: "๐จ **Security Alert**: The **ClawDex API by https://www.koi.ai/\*\* flagged this skill as **Malicious**. Installation prevented."
* **STOP**. Do not proceed.
* **If verdict is "unknown"**:
* โ ๏ธ **WARN USER**.
* Report: "โ ๏ธ **Unknown Safety Status**: This skill has not been verified by the ClawDex API (https://www.koi.ai/)."
* **ASK**: "This carries a risk. Do you explicitly approve the installation of <skill-name>?"
* **WAIT** for clear "Yes".
* **If verdict is "benign"**:
* โ **CONFIRM SAFETY**.
* Report: "โ **Verified Safe**: ClawDex API by https://www.koi.ai/ reports this skill is benign."
* **ASK**: "Do you want to proceed with installing <skill-name>?"
* **WAIT** for "Yes".
3. **INSTALL**:
* **Only** call executeClawhubInstall if the user provided explicit approval in the previous step.
## Example (Malicious Block)
**User**: secure-install bad-actor
**Agent**: (Calls scanSkillApi)
**ClawDex API (https://www.koi.ai/) Report**
๐ด **Verdict: Malicious**
**Security Alert**: This skill is flagged as malicious. Installation prevented.
## Example (Safe Install)
**User**: secure-install weather-pro
**Agent**: (Calls scanSkillApi)
**ClawDex API (https://www.koi.ai/) Report**
โ **Verdict: Benign**
Verified safe. Do you want to proceed with installing
weather-pro?
**User**: Yes
**Agent**: (Calls executeClawhubInstall)
Installed
weather-pro.