perf(test): reuse tar.bz2 workspace in download safety tests

src/agents/skills-install.download.test.ts

@@ -1,7 +1,13 @@
 import fs from "node:fs/promises";
+import os from "node:os";
 import path from "node:path";
-import { beforeEach, describe, expect, it, vi } from "vitest";
+import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
-import { withTempWorkspace, writeDownloadSkill } from "./skills-install.download-test-utils.js";
+import { createTempHomeEnv } from "../test-utils/temp-home.js";
+import {
+  setTempStateDir,
+  withTempWorkspace,
+  writeDownloadSkill,
+} from "./skills-install.download-test-utils.js";
 import { installSkill } from "./skills-install.js";
 
 const runCommandWithTimeoutMock = vi.fn();
@@ -272,8 +278,30 @@ describe("installSkill download extraction safety", () => {
 });
 
 describe("installSkill download extraction safety (tar.bz2)", () => {
+  let workspaceDir = "";
+  let stateDir = "";
+  let restoreTempHome: (() => Promise<void>) | null = null;
+
+  beforeAll(async () => {
+    const tempHome = await createTempHomeEnv("openclaw-skills-install-home-");
+    restoreTempHome = () => tempHome.restore();
+    workspaceDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-skills-install-"));
+    stateDir = setTempStateDir(workspaceDir);
+  });
+
+  afterAll(async () => {
+    if (workspaceDir) {
+      await fs.rm(workspaceDir, { recursive: true, force: true }).catch(() => undefined);
+      workspaceDir = "";
+      stateDir = "";
+    }
+    if (restoreTempHome) {
+      await restoreTempHome();
+      restoreTempHome = null;
+    }
+  });
+
   it("rejects tar.bz2 traversal before extraction", async () => {
-    await withTempWorkspace(async ({ workspaceDir, stateDir }) => {
     const url = "https://example.invalid/evil.tbz2";
 
     mockArchiveResponse(new Uint8Array([1, 2, 3]));
@@ -296,10 +324,8 @@ describe("installSkill download extraction safety (tar.bz2)", () => {
       runCommandWithTimeoutMock.mock.calls.some((call) => (call[0] as string[])[1] === "xf"),
     ).toBe(false);
   });
-  });
 
   it("rejects tar.bz2 archives containing symlinks", async () => {
-    await withTempWorkspace(async ({ workspaceDir, stateDir }) => {
     const url = "https://example.invalid/evil.tbz2";
 
     mockArchiveResponse(new Uint8Array([1, 2, 3]));
@@ -324,10 +350,8 @@ describe("installSkill download extraction safety (tar.bz2)", () => {
     expect(result.ok).toBe(false);
     expect(result.stderr.toLowerCase()).toContain("link");
   });
-  });
 
   it("extracts tar.bz2 with stripComponents safely (preflight only)", async () => {
-    await withTempWorkspace(async ({ workspaceDir, stateDir }) => {
     const url = "https://example.invalid/good.tbz2";
 
     mockArchiveResponse(new Uint8Array([1, 2, 3]));
@@ -351,10 +375,8 @@ describe("installSkill download extraction safety (tar.bz2)", () => {
       runCommandWithTimeoutMock.mock.calls.some((call) => (call[0] as string[])[1] === "xf"),
     ).toBe(true);
   });
-  });
 
   it("rejects tar.bz2 stripComponents escape", async () => {
-    await withTempWorkspace(async ({ workspaceDir, stateDir }) => {
     const url = "https://example.invalid/evil.tbz2";
 
     mockArchiveResponse(new Uint8Array([1, 2, 3]));
@@ -383,4 +405,3 @@ describe("installSkill download extraction safety (tar.bz2)", () => {
     ).toBe(false);
   });
 });
-});