Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Vetter
v1.2.0
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
by 十三香小精灵 (@atlaszj)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The name/description (skill vetting) matches the instructions in SKILL.md. However, the package metadata (package.json's main points to skill_vetter.ps1, and INTEGRATION_REPORT.md references a PowerShell scanner) describes an executable that is not present in the manifest. The docs also describe modifying clawhub internals to integrate the scanner — a capability beyond a simple instruction-only vetting guide. This mismatch (claims of an executable plus integration hooks vs. no actual executable files) is incoherent and should be explained by the author.
Instruction Scope
SKILL.md tells an agent to read ALL files of target skills and includes explicit integration hooks that modify the clawhub install path and auto-block installs. It also references reading/writing token locations and workspace paths. Those instructions go beyond passive vetting guidance and would require filesystem access and changes to other tooling; they grant broad authority and should not be executed blindly. The skill also instructs auto-blocking installs with no UI confirmation in some cases.
Install Mechanism
There is no install spec and no code files included in the package (instruction-only). That is the lowest-risk install model — nothing in the package will be written to disk by an installer. However the documentation expects an external PowerShell script (skill_vetter.ps1) to exist for actual scanning; because that script is missing, any attempt to follow integration steps would require obtaining and running external code (higher risk).
Credentials
The skill declares no required env vars or credentials, but the docs reference environment variable CLAWHUB_SKILL_VETTER, a Clawhub token path (C:\Users\atlas\.clawhub\token), and default workspace locations. The instructions would have agents read or modify user workspace and CLI installation paths and potentially access saved tokens — access to these secrets/configs is not declared or justified in metadata.
Persistence & Privilege
SKILL.md describes modifying clawhub's installation flow (editing cli/commands/skills.js) to call the scanner before installs and to auto-block. That requires modifying other software and granting persistent influence over future installs. The skill metadata does not request or justify such persistence or elevated privileges. While always:false and autonomous invocation are normal, the skill's own instructions attempt to create permanent hooks into the package manager, which is a privilege escalation risk if followed.
What to consider before installing
This package appears to be a vetting checklist and integration plan, not a complete, self-contained scanner. Before you run or integrate it:
1) Do not run any suggested modification commands that edit clawhub or system files without inspecting the exact changes.
2) Ask the publisher for the missing skill_vetter.ps1 (or the actual scanner binary) and review its source before executing it.
3) Confirm whether the scanner needs to read token files or other credentials; never give it access to your Clawhub token or ~/.openclaw workspace without manual review.
4) If you want a vetting workflow, prefer a vetted, signed scanner distributed from an official source (or run any new scanner inside an isolated sandbox/VM).
5) If you plan to integrate auto-blocking into clawhub, require a human review step and code review of the exact patch to clawhub's CLI rather than applying opaque instructions from this package.
