Issue Station
Sign In
Tools hereToolbox

openclaw - ✅(Solved) Fix [Skills] 37 "Skipping skill path that resolves outside its configured root" warnings from built-in extensions [4 pull requests, 2 comments, 3 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
openclaw/openclaw#43745Fetched 2026-04-08 00:17:34
View on GitHub
Comments
2
Participants
3
Timeline
12
Reactions
0
Author
mashuai333mashuai333
Participants
contentfreecontentfreeguang384guang384mashuai333mashuai333
Timeline (top)
cross-referenced ×5commented ×2labeled ×2subscribed ×2

Root Cause

Fix Action

Fixed

PR fix notes

PR #44022: fix: stop false-positive built-in extension skill root warnings

Description (problem / solution / changelog)

Summary

  • make skill root containment fall back to device/inode ancestry when realpath strings diverge
  • keep the existing path escape rejection for true escapes
  • add a regression test for plugin skills loaded through aliased realpath ancestry

Testing

  • pnpm exec vitest run src/agents/skills.loadworkspaceskillentries.test.ts src/agents/skills/plugin-skills.test.ts

Closes #43745

Changed files

  • src/agents/skills.loadworkspaceskillentries.test.ts (modified, +81/-1)
  • src/agents/skills/workspace.ts (modified, +44/-1)

PR #16: Fix/acpx runtime skill copy

Description (problem / solution / changelog)

Summary

  • Problem: dist-runtime staged bundled plugin skill trees as symlinks back into dist/..., so the skill loader's realpath containment check saw those bundled skills as escaping the configured runtime root and skipped them.
  • Why it matters: bundled extension skills such as acpx/skills/acp-router could disappear from the runtime overlay even though the containment guard was working as intended.
  • What changed: the runtime overlay still keeps manifest-declared bundled skill trees physically copied inside dist-runtime, but the manifest handling is now descriptor-driven and the Codex path resolution matches the canonical bundle semantics instead of additively copying the default skills/ tree when a manifest declares a different root.
  • What did NOT change (scope boundary): this does not relax the skill-loader containment check, trust manifestless bundle layouts, or change unrelated symlink behavior outside the declared runtime skill trees.

Change Type (select all)

  • Bug fix
  • Feature
  • Refactor
  • Docs
  • Security hardening
  • Chore/infra

Scope (select all touched areas)

  • Gateway / orchestration
  • Skills / tool execution
  • Auth / tokens
  • Memory / storage
  • Integrations
  • API / contracts
  • UI / DX
  • CI/CD / infra

Linked Issue/PR

  • Closes #
  • Related #43745
  • Related #41651
  • Related #44522
  • Related #47601
  • Related #48595

User-visible / Behavior Changes

  • Bundled extension skills declared by plugin manifests stay loadable from dist-runtime instead of being skipped as escaped paths.
  • Runtime staging now keeps its copy set aligned with the manifest-declared skill roots instead of widening Codex bundles to an extra default skills/ tree when a custom root is declared.
  • Unrelated runtime-overlay artifacts keep the prior symlink/wrapper behavior.

Security Impact (required)

  • New permissions/capabilities? (Yes/No) No
  • Secrets/tokens handling changed? (Yes/No) No
  • New/changed network calls? (Yes/No) No
  • Command/tool execution surface changed? (Yes/No) No
  • Data access scope changed? (Yes/No) No
  • If any Yes, explain risk + mitigation:

Notes:

  • This remains a packaging/runtime-overlay fix, not a skill-loader security weakening.
  • The realpath containment check stays in place.
  • Manifest-declared paths still go through plugin-root containment checks before being copied.

Repro + Verification

Environment

  • OS: Ubuntu 24.04
  • Runtime/container: dist/ + dist-runtime bundled plugin overlay
  • Model/provider: N/A
  • Integration/channel (if any): :
  • Relevant config (redacted):

Steps

  1. Build/stage bundled plugins so the runtime overlay exposes bundled skill trees under dist-runtime/extensions/<plugin>.
  2. Run the targeted runtime-staging test suite.
  3. Let the skill loader resolve those paths with realpath against the configured bundled root under dist-runtime.

Expected

  • Manifest-declared bundled skills remain physically inside dist-runtime and pass the existing containment check.
  • The runtime copy set stays limited to the declared skill roots for each supported manifest format.

Actual

  • Before the patch, those skill paths were symlinked back into dist/..., so the loader resolved them outside the configured dist-runtime root and skipped them.
  • Before this review refinement, Codex bundles with an explicit custom skill root would also copy the default skills/ tree additively inside dist-runtime, which was broader than the canonical bundle semantics.
  • After the final patch, declared bundled skill trees stay copied inside dist-runtime, and the Codex copy behavior stays bound to the declared roots.

Evidence

Attach at least one:

  • Failing test/log before + passing after
  • Trace/log snippets
  • Screenshot/recording
  • Perf numbers (if relevant)

18:24:51 warn skills {"subsystem":"skills"} {"source":"openclaw-extra","rootDir":"/root/openclaw/dist-runtime/extensions/acpx/skills","path":"/root/openclaw/dist-runtime/extensions/acpx/skills/acp-router/SKILL.md","realPath":"/root/openclaw/dist/extensions/acpx/skills/acp-router/SKILL.md"} Skipping skill path that resolves outside its configured root. <img width="881" height="333" alt="image" src="https://github.com/user-attachments/assets/8d65a3f2-3104-4531-bbe1-091b2d4778da" /> After skill loaded succefully <img width="837" height="312" alt="image" src="https://github.com/user-attachments/assets/b7880b02-670c-4793-bd82-9e1d2f5cfa3d" />

Evidence summary:

  • Targeted regression suite: pnpm test -- src/plugins/stage-bundled-plugin-runtime.test.ts
  • Result on the final review branch: 9/9 tests passed
  • Coverage verifies all of:
    • native manifest-declared skill assets are copied into dist-runtime while unrelated artifacts stay symlinked
    • acpx-style bundled skills remain loadable from the dist-runtime bundled plugin root
    • Codex bundles only copy the declared skill root, not an extra default skills/ tree when a custom root is declared

Human Verification (required)

What was verified for this draft:

  • Verified scenarios:
    • reviewed the runtime-packaging diff on fix/acpx-runtime-skill-copy
    • confirmed the final implementation keeps the fix at the packaging layer and preserves the containment guard
    • targeted test src/plugins/stage-bundled-plugin-runtime.test.ts passed (9/9)
  • Edge cases checked:
    • unrelated overlay artifacts stayed on the existing symlink/wrapper path
    • Codex bundles with an explicit custom skill root no longer copy the fallback skills/ tree additively
    • manifest-declared paths are still rejected if they escape the plugin root
  • What you did not verify:
    • full repo test suite
    • live packaged build/manual runtime smoke outside the targeted test coverage
    • every bundle format end-to-end via discovery + execution

Compatibility / Migration

  • Backward compatible? (Yes/No) Yes
  • Config/env changes? (Yes/No) No
  • Migration needed? (Yes/No) No
  • If yes, exact upgrade steps:

Failure Recovery (if this breaks)

  • How to disable/revert this change quickly: revert the merge commit.
  • Files/config to restore: scripts/stage-bundled-plugin-runtime.mjs, src/plugins/stage-bundled-plugin-runtime.test.ts
  • Known bad symptoms reviewers should watch for: bundled extension skills disappearing again from dist-runtime, escaped-root warnings returning for bundled plugin skills that should live under the runtime root, or Codex bundles copying undeclared default skill trees into the runtime overlay.

Risks and Mitigations

  • Risk: copying more than the intended plugin paths into dist-runtime could widen the runtime overlay and reintroduce layout problems.
    • Mitigation: the copy set is still limited to declared skill roots, and the Codex case now matches the canonical declared-path semantics instead of copying an additive default.
  • Risk: manifest parsing could accidentally accept paths outside the plugin root.
    • Mitigation: the staging script still normalizes declared paths and rejects escaped paths before copying.
  • Risk: over-generalizing the staging script could make it trust layouts that the runtime loader does not actually recognize.
    • Mitigation: the final change stops at supported manifest files only; it does not add manifestless heuristics.

AI-Assisted Disclosure

  • AI-assisted: Yes
  • Tools used: Codex/OpenClaw-assisted implementation and iteration
  • Testing level: manually validated + targeted automated tests
  • Author verification: final code paths, config behavior, and runtime checks were reviewed.

Changed files

  • scripts/stage-bundled-plugin-runtime.mjs (modified, +189/-10)
  • src/plugins/stage-bundled-plugin-runtime.test.ts (modified, +228/-11)

PR #49198: Fix/dist-runtime skill copy instead of symlink

Description (problem / solution / changelog)

Summary

  • Problem: dist-runtime staged bundled plugin skill trees as symlinks back into dist/..., so the skill loader's realpath containment check saw those bundled skills as escaping the configured runtime root and skipped them.
  • Why it matters: bundled extension skills such as acpx/skills/acp-router could disappear from the runtime overlay even though the containment guard was working as intended.
  • What changed: the runtime overlay still keeps manifest-declared bundled skill trees physically copied inside dist-runtime, but the manifest handling is now descriptor-driven and the Codex path resolution matches the canonical bundle semantics instead of additively copying the default skills/ tree when a manifest declares a different root.
  • What did NOT change (scope boundary): this does not relax the skill-loader containment check, trust manifestless bundle layouts, or change unrelated symlink behavior outside the declared runtime skill trees.

Change Type (select all)

  • Bug fix
  • Feature
  • Refactor
  • Docs
  • Security hardening
  • Chore/infra

Scope (select all touched areas)

  • Gateway / orchestration
  • Skills / tool execution
  • Auth / tokens
  • Memory / storage
  • Integrations
  • API / contracts
  • UI / DX
  • CI/CD / infra

Linked Issue/PR

  • Closes #
  • Related #43745
  • Related #41651
  • Related #44522
  • Related #47601
  • Related #48595

User-visible / Behavior Changes

  • Bundled extension skills declared by plugin manifests stay loadable from dist-runtime instead of being skipped as escaped paths.
  • Runtime staging now mirrors the current host bundle-manifest semantics for each supported bundle format:
  • Codex: declared skill roots when present, otherwise conventional defaults
  • Claude / Cursor: declared roots remain additive with conventional defaults, matching current src/plugins/bundle-manifest.ts behavior
  • Unrelated runtime-overlay artifacts keep the prior symlink/wrapper behavior.

Security Impact (required)

  • New permissions/capabilities? (Yes/No) No
  • Secrets/tokens handling changed? (Yes/No) No
  • New/changed network calls? (Yes/No) No
  • Command/tool execution surface changed? (Yes/No) No
  • Data access scope changed? (Yes/No) No
  • If any Yes, explain risk + mitigation:

Notes:

  • This remains a packaging/runtime-overlay fix, not a skill-loader security weakening.
  • The realpath containment check stays in place.
  • Manifest-declared paths still go through plugin-root containment checks before being copied.

Repro + Verification

Environment

  • OS: Ubuntu 24.04
  • Runtime/container: dist/ + dist-runtime bundled plugin overlay
  • Model/provider: N/A
  • Integration/channel (if any): :
  • Relevant config (redacted):

Steps

  1. Build/stage bundled plugins so the runtime overlay exposes bundled skill trees under dist-runtime/extensions/<plugin>.
  2. Run the targeted runtime-staging test suite.
  3. Let the skill loader resolve those paths with realpath against the configured bundled root under dist-runtime.

Expected

  • Manifest-declared bundled skills remain physically inside dist-runtime and pass the existing containment check.
  • The runtime copy set stays limited to the declared skill roots for each supported manifest format.

Actual

  • Before the patch, those skill paths were symlinked back into dist/..., so the loader resolved them outside the configured dist-runtime root and skipped them.
  • Before this review refinement, Codex bundles with an explicit custom skill root would also copy the default skills/ tree additively inside dist-runtime, which was broader than the canonical bundle semantics.
  • After the final patch, declared bundled skill trees stay copied inside dist-runtime, and the Codex copy behavior stays bound to the declared roots.

Evidence

Attach at least one:

  • Failing test/log before + passing after
  • Trace/log snippets
  • Screenshot/recording
  • Perf numbers (if relevant)

18:24:51 warn skills {"subsystem":"skills"} {"source":"openclaw-extra","rootDir":"/root/openclaw/dist-runtime/extensions/acpx/skills","path":"/root/openclaw/dist-runtime/extensions/acpx/skills/acp-router/SKILL.md","realPath":"/root/openclaw/dist/extensions/acpx/skills/acp-router/SKILL.md"} Skipping skill path that resolves outside its configured root. <img width="881" height="333" alt="image" src="https://github.com/user-attachments/assets/8d65a3f2-3104-4531-bbe1-091b2d4778da" /> After skill loaded succefully <img width="837" height="312" alt="image" src="https://github.com/user-attachments/assets/b7880b02-670c-4793-bd82-9e1d2f5cfa3d" />

Evidence summary:

  • Targeted regression suite: pnpm test -- src/plugins/stage-bundled-plugin-runtime.test.ts
  • Result on the final review branch: 9/9 tests passed
  • Coverage verifies all of:
    • native manifest-declared skill assets are copied into dist-runtime while unrelated artifacts stay symlinked
    • acpx-style bundled skills remain loadable from the dist-runtime bundled plugin root
    • Codex bundles only copy the declared skill root, not an extra default skills/ tree when a custom root is declared

Human Verification (required)

What was verified for this draft:

  • Verified scenarios:
    • reviewed the runtime-packaging diff on fix/acpx-runtime-skill-copy
    • confirmed the final implementation keeps the fix at the packaging layer and preserves the containment guard
    • targeted test src/plugins/stage-bundled-plugin-runtime.test.ts passed (9/9)
  • Edge cases checked:
    • unrelated overlay artifacts stayed on the existing symlink/wrapper path
    • Codex bundles with an explicit custom skill root no longer copy the fallback skills/ tree additively
    • manifest-declared paths are still rejected if they escape the plugin root
  • What you did not verify:
    • full repo test suite
    • live packaged build/manual runtime smoke outside the targeted test coverage
    • every bundle format end-to-end via discovery + execution

Compatibility / Migration

  • Backward compatible? (Yes/No) Yes
  • Config/env changes? (Yes/No) No
  • Migration needed? (Yes/No) No
  • If yes, exact upgrade steps:

Failure Recovery (if this breaks)

  • How to disable/revert this change quickly: revert the merge commit.
  • Files/config to restore: scripts/stage-bundled-plugin-runtime.mjs, src/plugins/stage-bundled-plugin-runtime.test.ts
  • Known bad symptoms reviewers should watch for: bundled extension skills disappearing again from dist-runtime, escaped-root warnings returning for bundled plugin skills that should live under the runtime root, or Codex bundles copying undeclared default skill trees into the runtime overlay.

Risks and Mitigations

  • Risk: copying more than the intended plugin paths into dist-runtime could widen the runtime overlay and reintroduce layout problems.
    • Mitigation: the copy set is still limited to declared skill roots, and the Codex case now matches the canonical declared-path semantics instead of copying an additive default.
  • Risk: manifest parsing could accidentally accept paths outside the plugin root.
    • Mitigation: the staging script still normalizes declared paths and rejects escaped paths before copying.
  • Risk: over-generalizing the staging script could make it trust layouts that the runtime loader does not actually recognize.
    • Mitigation: the final change stops at supported manifest files only; it does not add manifestless heuristics.

Scope / Non-goals

  • This PR fixes runtime-overlay packaging so dist-runtime stays consistent with the existing bundle-manifest loader.
  • This PR does not redefine cross-format bundle semantics.
  • If OpenClaw later wants all bundle formats to use declared-or-defaults semantics, that should be handled as a separate behavioral change in src/plugins/bundle-manifest.ts.

AI-Assisted Disclosure

  • AI-assisted: Yes
  • Tools used: Codex/OpenClaw-assisted implementation and iteration
  • Testing level: manually validated + targeted automated tests
  • Author verification: final code paths, config behavior, and runtime checks were reviewed.

Changed files

  • scripts/stage-bundled-plugin-runtime.mjs (modified, +197/-10)
  • src/plugins/stage-bundled-plugin-runtime.test.ts (modified, +382/-11)

PR #49215: fix(plugins): stage bundled skills inside runtime root

Description (problem / solution / changelog)

Summary

  • Problem: bundled extension skills/ files get symlinked from dist-runtime back into dist, which makes skill discovery treat them as outside the configured runtime root.
  • Why it matters: built-in extensions can spam Skipping skill path that resolves outside its configured root. warnings even though the bundled skills are part of the shipped runtime.
  • What changed: copy skills/ trees into dist-runtime alongside existing copied plugin metadata files, and add regression coverage for the runtime-root case.
  • What did NOT change (scope boundary): this does not relax root validation or change workspace-skill loading behavior.

Change Type (select all)

  • Bug fix
  • Feature
  • Refactor
  • Docs
  • Security hardening
  • Chore/infra

Scope (select all touched areas)

  • Gateway / orchestration
  • Skills / tool execution
  • Auth / tokens
  • Memory / storage
  • Integrations
  • API / contracts
  • UI / DX
  • CI/CD / infra

Linked Issue/PR

  • Closes #43745
  • Related #49134

User-visible / Behavior Changes

Built-in extension skills staged under dist-runtime no longer warn as “outside its configured root” during skill discovery.

Security Impact (required)

  • New permissions/capabilities? (Yes/No) No
  • Secrets/tokens handling changed? (Yes/No) No
  • New/changed network calls? (Yes/No) No
  • Command/tool execution surface changed? (Yes/No) No
  • Data access scope changed? (Yes/No) No
  • If any Yes, explain risk + mitigation:

Repro + Verification

Environment

  • OS: Ubuntu 24.04
  • Runtime/container: Node 22 source checkout
  • Model/provider: n/a
  • Integration/channel (if any): n/a
  • Relevant config (redacted): none

Steps

  1. Build bundled extensions so they are staged into dist-runtime.
  2. Inspect a bundled extension skill path under dist-runtime/extensions/*/skills/*.
  3. Run skill discovery or doctor.

Expected

  • Bundled extension skills resolve inside the runtime root and do not trigger root-validation warnings.

Actual

  • Before this change, bundled extension skills were symlinked back into dist, so discovery could warn that they resolved outside the configured root.

Evidence

Attach at least one:

  • Failing test/log before + passing after
  • Trace/log snippets
  • Screenshot/recording
  • Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

  • Verified scenarios: copied a bundled plugin skills/ tree into dist-runtime with the updated staging script and confirmed both SKILL.md and companion files resolved inside the runtime root; ran CI=1 pnpm exec vitest run src/plugins/stage-bundled-plugin-runtime.test.ts src/config/sessions/artifacts.test.ts src/config/sessions/store.pruning.integration.test.ts on the maintained source tree and confirmed the plugin test file passed.
  • Edge cases checked: companion non-JS files inside skills/ are copied instead of symlinked.
  • What you did not verify: a packaged npm/global install end-to-end.

Review Conversations

  • I replied to or resolved every bot review conversation I addressed in this PR.
  • I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

  • Backward compatible? (Yes/No) Yes
  • Config/env changes? (Yes/No) No
  • Migration needed? (Yes/No) No
  • If yes, exact upgrade steps:

Failure Recovery (if this breaks)

  • How to disable/revert this change quickly: revert this commit; bundled runtime staging falls back to the previous symlink behavior.
  • Files/config to restore: scripts/stage-bundled-plugin-runtime.mjs
  • Known bad symptoms reviewers should watch for: bundled extension skill warnings reappearing, or unexpected runtime-root validation failures for built-in skills.

Risks and Mitigations

  • Risk: copying skills/ trees changes how bundled extension assets are materialized in dist-runtime.
    • Mitigation: the change is limited to skills/ paths, preserves existing symlink behavior for other assets, and adds targeted regression coverage.

Changed files

  • scripts/stage-bundled-plugin-runtime.mjs (modified, +2/-0)
  • src/plugins/stage-bundled-plugin-runtime.test.ts (modified, +67/-0)

Code Example

## 🐛 Bug Description

When running `openclaw doctor` or `openclaw skills list`, I get 37 warnings:

---

### Steps to reproduce

These warnings come from built-in extension skill directories, not from workspace skills.

## 🔍 Investigation Results

### Warning Sources

The warnings come from these built-in extensions:
- `~/.npm-global/lib/node_modules/openclaw/extensions/diffs/`
- `~/.npm-global/lib/node_modules/openclaw/extensions/feishu/`
- `~/.npm-global/lib/node_modules/openclaw/extensions/open-prose/`
- Other extension skill directories

### What I've Tried

1.**Workspace skills fixed**: Added `SKILL.md` to all auxiliary directories (scripts/, references/, assets/, etc.)
2.**Memory cleaned**: Removed duplicate entries from MEMORY.md
3.**No symlinks**: Verified no symbolic links in skill directories
4.**Realpath check**: All directories resolve correctly within their roots

### Test Results

---

**Conclusion**: Warnings come from `extensions/` directory skill loading.


### Expected behavior

No warnings should appear for built-in extension skills that are properly configured.

### Actual behavior

## 🔧 Impact

- **Functionality**: Skills work correctly, no functional impact
- **User Experience**: Warning spam in logs (37 warnings per command)
- **Performance**: Minimal (just log output)

## 📝 Suggestions

1. Fix the root path validation for extension skills
2. Add `.skillignore` support for auxiliary directories
3. Reduce warning verbosity for known patterns

### OpenClaw version

2026.3.8 (3caab92)

### Operating system

Linux 6.6.87.2-microsoft-standard-WSL2 (x64) - WSL2 on Windows

### Install method

npm global install

### Model

bailian/qwen3.5-plus

### Provider / routing chain

openclaw -> bailian

### Config file / key location

~/.openclaw/openclaw.json ; models.providers.bailian

### Additional provider/model setup details

Default model: bailian/qwen3.5-plus
Model pool configured with 8 models (qwen3.5-plus, qwen3-max, glm-5, etc.)

### Logs, screenshots, and evidence
RAW_BUFFERClick to expand / collapse

Bug type

Behavior bug (incorrect output/state without crash)

Summary

## 🐛 Bug Description

When running `openclaw doctor` or `openclaw skills list`, I get 37 warnings:

[skills] Skipping skill path that resolves outside its configured root.


### Steps to reproduce

These warnings come from built-in extension skill directories, not from workspace skills.

## 🔍 Investigation Results

### Warning Sources

The warnings come from these built-in extensions:
- `~/.npm-global/lib/node_modules/openclaw/extensions/diffs/`
- `~/.npm-global/lib/node_modules/openclaw/extensions/feishu/`
- `~/.npm-global/lib/node_modules/openclaw/extensions/open-prose/`
- Other extension skill directories

### What I've Tried

1. ✅ **Workspace skills fixed**: Added `SKILL.md` to all auxiliary directories (scripts/, references/, assets/, etc.)
2. ✅ **Memory cleaned**: Removed duplicate entries from MEMORY.md
3. ✅ **No symlinks**: Verified no symbolic links in skill directories
4. ✅ **Realpath check**: All directories resolve correctly within their roots

### Test Results

```bash
# Test 1: Rename workspace skills - warnings still appear
mv ~/.openclaw/workspace/skills ~/.openclaw/workspace/skills.bak
openclaw skills list | grep "Skipping skill"  # Still 37 warnings

# Test 2: Rename built-in skills - warnings still appear  
mv ~/.npm-global/lib/node_modules/openclaw/skills ~/.npm-global/lib/node_modules/openclaw/skills.bak
openclaw skills list | grep "Skipping skill"  # Still 37 warnings

# Test 3: Rename extensions - warnings disappear!
mv ~/.npm-global/lib/node_modules/openclaw/extensions ~/.npm-global/lib/node_modules/openclaw/extensions.bak
openclaw skills list | grep "Skipping skill"  # 0 warnings!

Conclusion: Warnings come from extensions/ directory skill loading.

Expected behavior

No warnings should appear for built-in extension skills that are properly configured.

Actual behavior

🔧 Impact

  • Functionality: Skills work correctly, no functional impact
  • User Experience: Warning spam in logs (37 warnings per command)
  • Performance: Minimal (just log output)

📝 Suggestions

  1. Fix the root path validation for extension skills
  2. Add .skillignore support for auxiliary directories
  3. Reduce warning verbosity for known patterns

OpenClaw version

2026.3.8 (3caab92)

Operating system

Linux 6.6.87.2-microsoft-standard-WSL2 (x64) - WSL2 on Windows

Install method

npm global install

Model

bailian/qwen3.5-plus

Provider / routing chain

openclaw -> bailian

Config file / key location

~/.openclaw/openclaw.json ; models.providers.bailian

Additional provider/model setup details

Default model: bailian/qwen3.5-plus Model pool configured with 8 models (qwen3.5-plus, qwen3-max, glm-5, etc.)

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

No response

extent analysis

Fix Plan

To resolve the issue of warnings appearing for built-in extension skills, we need to adjust the root path validation for these skills. Here are the steps:

  • Update the openclaw code to correctly handle the root path for extension skills.
  • Add support for a .skillignore file in auxiliary directories to ignore certain paths.

Example code changes:

// Update the skill path validation function
function validateSkillPath(skillPath, rootPath) {
  // Check if the skill path is within the root path
  if (skillPath.startsWith(rootPath)) {
    return true;
  }
  // Check if the skill path is in an auxiliary directory
  const auxDirs = ['.scripts', '.references', '.assets'];
  for (const auxDir of auxDirs) {
    if (skillPath.includes(auxDir)) {
      // Ignore auxiliary directories
      return false;
    }
  }
  // If none of the above conditions are met, skip the skill path
  return false;
}

// Add support for .skillignore file
function loadSkills(rootPath) {
  const skillIgnorePath = path.join(rootPath, '.skillignore');
  if (fs.existsSync(skillIgnorePath)) {
    const ignorePatterns = fs.readFileSync(skillIgnorePath, 'utf8').split('\n');
    // Filter out skills that match the ignore patterns
    const skills = getSkills(rootPath).filter(skill => {
      for (const pattern of ignorePatterns) {
        if (skill.path.includes(pattern)) {
          return false;
        }
      }
      return true;
    });
    return skills;
  }
  // If no .skillignore file exists, load all skills
  return getSkills(rootPath);
}

Verification

To verify that the fix worked, run the following commands:

openclaw doctor
openclaw skills list

Check that there are no warnings about skipping skill paths.

Extra Tips

  • Make sure to update the openclaw version to the latest one after applying the fix.
  • If you encounter any issues with the .skillignore file, check the file format and ensure that it is correctly formatted.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…

FAQ

Expected behavior

No warnings should appear for built-in extension skills that are properly configured.

#api#ssr#installation#tensor shape#autograd error#mixed precision#training loop#device allocation#model download#tokenizer error

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING