Summary

ZeroClaw addressed a skill ZIP extraction vulnerability in early July 2026, adding extraction-side and download-side limits for ClawHub skill archives. The hardening targets zip bombs and archives that lie about uncompressed sizes, a relevant trust boundary for installable agent skills.

What changed

ZeroClaw's skill installer hardening added limits around entry count, cumulative uncompressed bytes, per-entry bytes, expansion ratio, streamed download size, and regression coverage for archives whose central directory understates payload size.

Why it matters

Agent skill marketplaces turn ZIP extraction into a security boundary. Without decompression and size controls, a malicious or malformed skill package can exhaust disk, memory, or runtime resources during installation; this fix makes the plugin/skill supply chain safer.

Evidence excerpt

The related PR discussion says the implementation bounds extraction by entry count, cumulative uncompressed bytes, per-entry bytes, and expansion ratio, with tests for declared-size lies in ZIP entries.

Sources