Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xiaopi Skill Vetter

v1.0.0

Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (skill vetting) align with the SKILL.md content: it is an instruction-only vetting protocol that teaches how to review skills and provides curl examples for GitHub. It does not request unrelated credentials or binaries. However, the package metadata is inconsistent: the registry metadata ownerId (kn7256...) differs from _meta.json.ownerId (kn71j6...), and source/homepage are unknown — a provenance gap worth noting.
Instruction Scope
Instructions are narrowly focused on reviewing skill files, checking red flags, and using GitHub API/raw.githubusercontent to fetch files. This is appropriate. Two caution points: (1) the SKILL.md tells the agent to "Read ALL files in the skill" — that should be limited to the skill package area (not host home directories) to avoid accidental exposure of unrelated secrets; (2) Quick Vet Commands run network requests (curl) — expected, but network activity should be sandboxed and results validated.
Install Mechanism
No install spec and no code files — instruction-only. This is the lowest-risk install profile and consistent with the stated purpose.
Credentials
The skill requires no environment variables, credentials, or config paths. The guidance and quick commands are network/HTTP checks that don't demand secrets. This is proportionate to a vetting checklist.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). The skill does not request persistent presence or elevated privileges. There are no instructions to modify other skills or global agent settings.
Scan Findings in Context
[NO_SCAN_FINDINGS] expected: Regex scanner found nothing to analyze because this is an instruction-only skill with no code files; that is expected but leaves behavioral guarantees to the agent executing the instructions.
What to consider before installing
This skill is essentially a human-readable vetting checklist and is coherent with its stated purpose, but treat it as guidance rather than an automated authority. Before installing or letting an agent run this vetter autonomously:
1) Verify provenance — the package metadata shows inconsistent owner IDs and no homepage; prefer skills with clear authorship.
2) Run any vetting actions in a sandbox or ephemeral VM so curl/raw file fetches can't cause harm.
3) Limit the agent's file-read scope to the skill package directory (do not let it read your home, ~/.ssh, ~/.aws, or other sensitive paths).
4) Manually confirm that the agent does not automatically transmit any collected data to external endpoints.
5) Treat the output of this skill as advisory and perform a human code review for high-risk skills.
If you need higher assurance, ask for the publisher's identity or a signed release before trusting automated vetting.

Like a lobster shell, security has layers — review code before you run it.
