Dan Ballance 2026-01-30 19:12:22 +08:00 committed by GitHub
commit 75f85256c8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -66,7 +66,7 @@ that up as `<workspace>/skills` on the next session.
## Security notes ## Security notes
- Treat third-party skills as **trusted code**. Read them before enabling. - Treat third-party skills as **untrusted code**. Read them before enabling.
- Prefer sandboxed runs for untrusted inputs and risky tools. See [Sandboxing](/gateway/sandboxing). - Prefer sandboxed runs for untrusted inputs and risky tools. See [Sandboxing](/gateway/sandboxing).
- `skills.entries.*.env` and `skills.entries.*.apiKey` inject secrets into the **host** process - `skills.entries.*.env` and `skills.entries.*.apiKey` inject secrets into the **host** process
for that agent turn (not the sandbox). Keep secrets out of prompts and logs. for that agent turn (not the sandbox). Keep secrets out of prompts and logs.
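
Review bot: The reworded first bullet now calls third-party skills **untrusted code**, but its only instruction is still "Read them before enabling", and the bullets after it do not pick the term up. The sandboxing bullet covers "untrusted inputs and risky tools" rather than skills, and the last bullet says `skills.entries.*.env` and `skills.entries.*.apiKey` inject secrets into the host process, not the sandbox. Consider extending the first bullet to say what treating a skill as untrusted means in practice, for example by pointing it at [Sandboxing](/gateway/sandboxing) and advising against setting `env` or `apiKey` for a skill that has not been reviewed.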