feat(skills): add secure remote install and upstream watch

Author: rexleimo

.github/workflows/ci.yml

@@ -23,6 +23,7 @@ jobs:
         run: |
           python3 -m unittest \
             scripts.tests.test_ci_workflows \
+            scripts.tests.test_check_openharness_upstream \
             scripts.tests.test_verify_version_changelog \
             scripts.tests.test_verify_release_consistency \
             scripts.tests.test_resolve_release_tag \

.github/workflows/open-harness-watch.yml

@@ -0,0 +1,42 @@
+name: Open-Harness Watch
+
+on:
+  schedule:
+    - cron: "0 3 * * 1"
+  workflow_dispatch:
+
+jobs:
+  upstream-watch:
+    name: upstream watch (open-harness)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.x"
+
+      - name: Check upstream head delta
+        id: watch
+        continue-on-error: true
+        run: |
+          python3 scripts/check_openharness_upstream.py \
+            --state-file docs/internal/competitive/open-harness-upstream.json \
+            --out-json .tmp/open-harness-watch/report.json \
+            --out-markdown .tmp/open-harness-watch/report.md \
+            --fail-on-change
+
+      - name: Upload upstream watch report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: open-harness-watch
+          path: .tmp/open-harness-watch/
+
+      - name: Fail when upstream moved
+        if: steps.watch.outcome == 'failure'
+        run: |
+          echo "open-harness upstream HEAD changed. Review artifact and refresh internal baseline."
+          exit 1

CHANGELOG.md

@@ -4,6 +4,17 @@ All notable user-visible changes are documented in this file.
 
 ## [Unreleased]
 
+### Added
+
+- `loopforge skills install <url>` for remote skill archive install into workspace `.loopforge/skills`.
+
+### Changed
+
+- Skills archive extraction is now hardened with canonical-root write boundaries and archive traversal defenses:
+  - reject parent traversal (`../`) and absolute paths
+  - reject symlink/hardlink entries during extraction
+  - regression tests cover zip-slip and tar-slip style payloads
+
 ## [1.3.0] - 2026-03-07
 
 ### Added

Cargo.lock

@@ -25,6 +25,7 @@ axum = "0.8"
 base64 = "0.22"
 clap = { version = "4", features = ["derive"] }
 dirs = "5"
+flate2 = "1"
 hmac = "0.12"
 reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
 rusqlite = { version = "0.31", features = ["bundled"] }
@@ -33,9 +34,11 @@ serde_json = "1"
 serial_test = "3"
 semver = { version = "1", features = ["serde"] }
 sha2 = "0.10"
+tar = "0.4"
 tempfile = "3"
 thiserror = "2"
 tokio = { version = "1", features = ["rt-multi-thread", "macros", "net", "process", "time"] }
 toml = "0.8"
 tower = { version = "0.5", features = ["util"] }
 uuid = { version = "1", features = ["v4"] }
+zip = { version = "0.6", default-features = false, features = ["deflate"] }

Cargo.toml

@@ -5,5 +5,6 @@ mod tests;
 
 pub(crate) use commands::{
     AcpCommand, AgentCommand, AgentKind, ChannelCommand, Cli, Command, ConfigCommand, CronCommand,
-    DaemonCommand, HarnessCommand, McpCommand, ReleaseCommand, SessionCommand, SkillsCommand,
+    DaemonCommand, HarnessCommand, McpCommand, ReleaseCommand, SessionCommand, SkillsArchiveFormat,
+    SkillsCommand,
 };

crates/loopforge-cli/src/cli.rs

@@ -25,7 +25,7 @@ pub(crate) use harness::HarnessCommand;
 pub(crate) use mcp::McpCommand;
 pub(crate) use release::ReleaseCommand;
 pub(crate) use session::SessionCommand;
-pub(crate) use skills::SkillsCommand;
+pub(crate) use skills::{SkillsArchiveFormat, SkillsCommand};
 
 #[derive(Debug, Parser)]
 #[command(name = "loopforge")]

crates/loopforge-cli/src/cli/commands.rs

@@ -2,6 +2,14 @@ use std::path::PathBuf;
 
 use super::agent::AgentKind;
 
+#[derive(Debug, Clone, Copy, clap::ValueEnum)]
+pub(crate) enum SkillsArchiveFormat {
+    Auto,
+    Zip,
+    Tar,
+    TarGz,
+}
+
 #[derive(Debug, clap::Subcommand)]
 pub(crate) enum SkillsCommand {
     /// List discovered skills (workspace + ~/.codex/skills)
@@ -36,6 +44,23 @@ pub(crate) enum SkillsCommand {
         #[arg(long)]
         strict: bool,
     },
+    /// Install one skill archive from URL into workspace .loopforge/skills
+    Install {
+        /// Skill archive URL (zip/tar/tar.gz)
+        url: String,
+        /// Workspace root directory
+        #[arg(long, default_value = ".")]
+        workspace: PathBuf,
+        /// Archive format (auto detects by bytes when omitted)
+        #[arg(long, value_enum, default_value_t = SkillsArchiveFormat::Auto)]
+        format: SkillsArchiveFormat,
+        /// Replace an existing skill with the same manifest name
+        #[arg(long)]
+        force: bool,
+        /// Print JSON output (machine-readable)
+        #[arg(long)]
+        json: bool,
+    },
     /// Execute one skill with real runtime tools and model routing
     Run {
         /// Skill name

crates/loopforge-cli/src/cli/commands/skills.rs

@@ -117,6 +117,26 @@ fn cli_parses_skills_run_subcommand() {
     );
 }
 
+#[test]
+fn cli_parses_skills_install_subcommand() {
+    let parsed = Cli::try_parse_from([
+        "loopforge",
+        "skills",
+        "install",
+        "https://example.com/hello-skill.zip",
+        "--workspace",
+        ".",
+        "--format",
+        "zip",
+        "--force",
+        "--json",
+    ]);
+    assert!(
+        parsed.is_ok(),
+        "expected `loopforge skills install` to parse, got: {parsed:?}"
+    );
+}
+
 #[test]
 fn cli_parses_onboard_subcommand() {
     let parsed = Cli::try_parse_from([

crates/loopforge-cli/src/cli/tests.rs

@@ -1,4 +1,5 @@
 mod doctor;
+mod install;
 mod listing;
 mod run;
 
@@ -17,6 +18,13 @@ pub(super) async fn run(command: SkillsCommand) -> anyhow::Result<()> {
             json,
             strict,
         } => doctor::run_doctor(workspace, json, strict),
+        SkillsCommand::Install {
+            url,
+            workspace,
+            format,
+            force,
+            json,
+        } => install::run_install(url, workspace, format, force, json).await,
         SkillsCommand::Run {
             name,
             workspace,