Skill Vettr

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its security-scanner purpose, but it should be reviewed because scanned skills can influence which files the scanner skips via a target-controlled .vettrignore file.

Review this skill before installing. It appears to be a legitimate static scanner, but do not rely on its results unless every skipped file is reported to you or the .vettrignore rules come from your own configuration rather than from the skill being scanned. Install and run it in an isolated environment when vetting untrusted URLs, and keep autoVet off until you have reviewed its prompts and thresholds.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or poorly configured skill could appear cleaner than it is if dangerous files are excluded from scanning.

Why it was flagged

The scanner reads ignore rules from the directory of the skill being vetted and skips any file matching them. For untrusted third-party skills, that means the author of the target can shape the scanner's scope and potentially hide risky files from analysis simply by shipping a .vettrignore alongside them.

Skill content
const { patterns: ignorePatterns, findings: ignoreFindings } = await this.loadVettrignore(resolvedPath, tools);
...
if (ignorePatterns && ignorePatterns.length > 0 && isExcluded(relativePath, ignorePatterns)) { continue; }
Recommendation

Do not trust target-supplied ignore rules by default; require user-controlled ignore configuration, prominently report every skipped path, and avoid allowing .vettrignore to exclude core manifests, package files, or executable source.
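One way to implement that recommendation, shown here as an added example rather than Skill Vettr's own code: ignore rules are taken only from the user's configuration, a fixed set of protected paths can never be excluded, and every skipped or refused path is returned so it can be reported. The glob syntax, the protected-file list, the function names and the sample file tree are assumptions of this example and say nothing about how the skill's `isExcluded` actually matches.

```javascript
// Added example: user-controlled ignore rules with protected paths and a
// mandatory report of skipped files. Not Skill Vettr's code; the glob syntax,
// protected list, function names and sample tree are assumptions.

// Paths a scanner must never skip, whatever the ignore rules say:
// the skill manifest, package metadata, and executable source.
const PROTECTED = [
  /^SKILL\.md$/i,
  /^package(-lock)?\.json$/,
  /\.(js|mjs|cjs|ts|py|sh)$/,
];

// Minimal glob -> RegExp. `**` spans directories, `*` and `?` stay within one
// path segment. A pattern with no `/` matches at any depth; a trailing `/`
// means "everything under that directory" (gitignore-like, but simplified).
function globToRegExp(glob) {
  let g = glob.endsWith('/') ? glob + '**' : glob;
  if (!g.includes('/')) g = '**/' + g;
  let re = '';
  for (let i = 0; i < g.length; i++) {
    const c = g[i];
    if (c === '*' && g[i + 1] === '*') {
      i++;
      if (g[i + 1] === '/') { re += '(?:.*/)?'; i++; } else { re += '.*'; }
    } else if (c === '*') {
      re += '[^/]*';
    } else if (c === '?') {
      re += '[^/]';
    } else {
      re += c.replace(/[.+^${}()|[\]\\]/g, '\\$&');
    }
  }
  return new RegExp('^' + re + '$');
}

function isProtected(relPath) {
  return PROTECTED.some((re) => re.test(relPath));
}

// Ignore rules come ONLY from the user's own config, never from a file inside
// the tree being vetted. Returns the files to scan plus a report of every
// path that was skipped (and by which rule) and every rule that tried to
// exclude a protected file and was refused.
function planScan(files, userIgnorePatterns) {
  const rules = userIgnorePatterns.map((p) => ({ source: p, re: globToRegExp(p) }));
  const scan = [], skipped = [], refused = [];
  for (const relPath of files) {
    const hit = rules.find((r) => r.re.test(relPath));
    if (!hit) {
      scan.push(relPath);
    } else if (isProtected(relPath)) {
      refused.push({ path: relPath, rule: hit.source });
      scan.push(relPath); // protected: still scanned despite the rule
    } else {
      skipped.push({ path: relPath, rule: hit.source });
    }
  }
  return { scan, skipped, refused };
}

// Constructed sample tree of a skill under review (not a real skill).
const SAMPLE_FILES = [
  'SKILL.md', 'package.json', 'index.js', 'lib/exec.js',
  'docs/notes.md', 'fixtures/big.bin', 'test/sample.log',
];
// The user's own rules. A .vettrignore shipped inside the target is never read.
// 'lib/**' is included to show a rule that would hide source being refused.
const USER_IGNORE = ['docs/', '*.bin', 'lib/**'];

// Human-readable report: every skipped path and every refused rule is visible.
function report(plan) {
  return plan.skipped.map((s) => `SKIPPED  ${s.path}  (rule: ${s.rule})`).concat(
    plan.refused.map((r) => `REFUSED  ${r.path}  (rule: ${r.rule}; protected, still scanned)`));
}

const PLAN = planScan(SAMPLE_FILES, USER_IGNORE);
console.log(report(PLAN).join('\n'));
```

With the sample tree, `docs/notes.md` and `fixtures/big.bin` are skipped and listed, while the `lib/**` rule is refused for `lib/exec.js` and that file is scanned anyway. Whatever matching library a real scanner uses, the two properties that matter are the same: the rules' provenance is the user, and nothing is skipped silently.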

What this means

Installing the scanner may execute dependency lifecycle scripts on your machine.

Why it was flagged

The skill requires npm dependencies whose install steps can execute code. This is disclosed and tied to the AST parser dependency, but users should still treat installation as supply-chain-sensitive.

Skill content
npm install runs dependency lifecycle scripts. tree-sitter packages use hasInstallScript for native/WASM builds. For isolation, run npm ci --ignore-scripts inside a container
Recommendation

Install in a disposable container or VM when possible, and prefer locked dependency installation with reviewed packages.
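Before deciding between a plain `npm ci` and `npm ci --ignore-scripts`, it helps to know exactly which locked dependencies declare install scripts. The following is an added example, not part of Skill Vettr, that reads a lockfileVersion 2/3 `package-lock.json` and lists those entries; the lockfile object it walks is a constructed sample with placeholder names and versions.

```javascript
// Added example, not Skill Vettr's code: list which lockfile entries declare
// install scripts, so you know what `--ignore-scripts` would suppress and
// which packages deserve review before `npm ci`. SAMPLE_LOCK is constructed.

// In a lockfileVersion 2/3 package-lock.json, `packages` is keyed by path:
// "" is the root project, "node_modules/foo" a dependency, and
// "node_modules/foo/node_modules/bar" a nested one. Entries whose package
// declares preinstall/install/postinstall carry `hasInstallScript: true`.
function packagesWithInstallScripts(lock) {
  const found = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === '' || entry.hasInstallScript !== true) continue;
    const name = key.slice(key.lastIndexOf('node_modules/') + 'node_modules/'.length);
    found.push({
      name,
      version: entry.version,
      path: key,
      dev: entry.dev === true,         // devDependency-only: not needed at runtime
      nested: key.split('node_modules/').length > 2,
    });
  }
  return found.sort((a, b) => a.path.localeCompare(b.path));
}

// Suggested install command: only reach for --ignore-scripts when something
// would actually run, so the choice is a conscious one rather than a habit.
function installCommand(lock) {
  return packagesWithInstallScripts(lock).length === 0 ? 'npm ci' : 'npm ci --ignore-scripts';
}

// Constructed lockfile; package names and versions are placeholders.
const SAMPLE_LOCK = {
  name: 'sample-skill', version: '0.0.0', lockfileVersion: 3,
  packages: {
    '': { name: 'sample-skill', version: '0.0.0',
          dependencies: { 'native-parser': '0.0.1', 'pure-js-lib': '0.0.1' } },
    'node_modules/native-parser': { version: '0.0.1', hasInstallScript: true },
    'node_modules/native-parser/node_modules/build-helper': { version: '0.0.1', hasInstallScript: true },
    'node_modules/pure-js-lib': { version: '0.0.1' },
    'node_modules/dev-only-tool': { version: '0.0.1', dev: true },
  },
};

for (const p of packagesWithInstallScripts(SAMPLE_LOCK)) {
  console.log(`${p.path} ${p.version}${p.dev ? ' (dev)' : ''}${p.nested ? ' (nested)' : ''}`);
}
console.log(installCommand(SAMPLE_LOCK));
```

Read the real lockfile with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` and pass it in. Skipping scripts means native or WASM builds that those scripts perform will not happen, so a scanner that depends on them may not work until you run the build yourself; doing that inside the disposable container keeps the host out of it either way.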

What this means

Untrusted URLs and archives will touch your local filesystem during vetting.

Why it was flagged

Remote vetting downloads user-supplied URLs with the system curl binary (capped at 50 MB and 120 seconds) and extracts the archive into a temporary directory with the system tar binary. The behavior is disclosed and appears scoped, but it still processes untrusted archives on the local filesystem.

Skill content
await execSafe('curl', ['-fsSL', '--max-filesize', '52428800', '--max-time', '120', '-o', tarPath, sanitisedUrl]);
await execSafe('tar', ['-xzf', tarPath, '-C', tempDir, '--no-same-owner', '--no-same-permissions']);
Recommendation

Use vet-url only for sources you intend to inspect, and run remote vetting inside an isolated container or VM.
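The skill's tar flags address ownership and permission bits; a check a practitioner would also want before extracting an untrusted tarball is that no member name or link target can land outside the temp directory. The following is an added example, not Skill Vettr's code: it vets a member list of the kind `tar -tvzf` reports (parsing that output into objects is assumed to happen elsewhere) and rejects absolute names, `..` traversal, NUL bytes, and symlinks or hardlinks whose target escapes the destination. The member list is constructed and the function names are this example's own.

```javascript
// Added example, not Skill Vettr's code: vet a tarball's member list before
// extracting into the temp directory. SAMPLE_MEMBERS is constructed; the
// shape { name, type, target } is an assumption of this example.

function isAbsolute(p) {
  return p.startsWith('/') || p.startsWith('\\') || /^[A-Za-z]:[\\/]/.test(p);
}

// Walk path segments from a starting depth; returns the final depth, or -1 if
// a `..` would climb above the destination root at any point along the way.
function resolveDepth(p, startDepth) {
  let depth = startDepth;
  for (const seg of p.split(/[\\/]+/)) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') { depth -= 1; if (depth < 0) return -1; }
    else depth += 1;
  }
  return depth;
}

// member: { name, type: 'file' | 'dir' | 'symlink' | 'hardlink', target? }
function vetMember(m) {
  const bad = (reason) => ({ name: m.name, ok: false, reason });
  if (!m.name) return bad('empty name');
  if (m.name.includes('\0')) return bad('NUL byte in name');
  if (isAbsolute(m.name)) return bad('absolute path');
  const depth = resolveDepth(m.name, 0);
  if (depth < 0) return bad('escapes destination');
  if (m.type === 'symlink' || m.type === 'hardlink') {
    if (!m.target) return bad('link without target');
    if (isAbsolute(m.target)) return bad('absolute link target');
    // A symlink target is relative to the link's own directory (one level
    // above the link itself); a hardlink target is relative to the archive root.
    const base = m.type === 'symlink' ? depth - 1 : 0;
    if (resolveDepth(m.target, base) < 0) return bad('link target escapes destination');
  }
  return { name: m.name, ok: true, reason: '' };
}

// Reject the whole archive if any member fails, or if it is implausibly large
// for a skill (entry-count cap complements curl's byte cap on the download).
function vetArchive(members, maxEntries = 10000) {
  if (members.length > maxEntries) {
    return { safe: false, rejected: [{ name: '*', ok: false, reason: `more than ${maxEntries} entries` }] };
  }
  const rejected = members.map(vetMember).filter((r) => !r.ok);
  return { safe: rejected.length === 0, rejected };
}

// Constructed member list mixing benign entries with the classic escapes.
const SAMPLE_MEMBERS = [
  { name: 'skill/SKILL.md', type: 'file' },
  { name: 'skill/lib/a.js', type: 'file' },
  { name: 'skill/./docs/../README.md', type: 'file' },          // normalises inside
  { name: 'skill/link-to-lib', type: 'symlink', target: 'lib/a.js' },
  { name: '../../.bashrc', type: 'file' },                       // traversal
  { name: '/etc/cron.d/job', type: 'file' },                     // absolute
  { name: 'skill/home', type: 'symlink', target: '../../root' }, // link escapes
];

const VERDICT = vetArchive(SAMPLE_MEMBERS);
for (const r of VERDICT.rejected) console.log(`REJECT ${r.name}: ${r.reason}`);
console.log(VERDICT.safe ? 'archive ok' : 'archive rejected');
```

Run this on the listing before `tar -xzf`, and only extract when `safe` is true; keep the `--no-same-owner --no-same-permissions` flags and the isolated container regardless, since a clean name list says nothing about what the extracted files do once the scanner parses them.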

What this means

A configuration change can make this skill affect future skill installations automatically.

Why it was flagged

If enabled, the skill registers a pre-install hook that can automatically block installations or prompt the user based on its scan result. This is purpose-aligned and disabled by default.

Skill content
if (autoVet) { ctx.hooks.on('skill:pre-install', async (event) => { ... event.preventDefault(); ... ctx.ui.confirm(...) }) }
Recommendation

Leave autoVet disabled unless you understand the policy, and review its prompts and thresholds before relying on it to block installs.