Skill Install Guard
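v1.0.0
A security-interception skill that ensures every skill passes a skill-vetter security review before installation, outputs the review report, and requires explicit user confirmation; unauthorized installation is prohibited.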
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (an install-time vetting guard) matches the instructions: intercept install intent, run checks with skill-vetter, produce a report, request explicit user confirmation, then call clawhub install. It does not request unrelated credentials or privileged OS access.
Instruction Scope
Instructions legitimately read skill files (local workspace), call clawhub info/install, clone or download remote repos for review, and may write an install history to memory. These actions are appropriate for a vetting guard, but the doc also references an 'online review' mode for skill-vetter which could upload skill code or metadata to an external service — that is not spelled out and could leak sensitive code if enabled.
Install Mechanism
Instruction-only skill with no install spec and no bundled code. Nothing is written to disk by the skill itself beyond optional recordings to memory; any downloading/cloning is tied to vetting remote skills (expected).
Credentials
The skill declares no environment variables, credentials, or config paths. The SKILL.md does instruct reading local workspace skill folders and optional memory files (reasonable for vetting). There are no unexplained secret requests.
Persistence & Privilege
always is false and there is no attempt to persist self-enabled configuration outside optional install-history entries in memory. It does not request elevated or cross-skill configuration changes.
Scan Findings in Context
[no-regex-findings] expected: Scanner found no code because this is an instruction-only skill; that's expected. The security surface is the SKILL.md instructions rather than shipped code.
Assessment
This skill is internally consistent with its purpose and doesn't request extra credentials, but before enabling it: 1) confirm how your skill-vetter implementation behaves — ensure any 'online review' option does not upload code or secrets to an untrusted endpoint; 2) verify clawhub and skill-vetter are trusted tools on your system (they will be invoked and may access the network); 3) be aware it will read local workspace skill folders and may record install decisions to agent memory—avoid vetting sensitive/private repos unless you trust the vetter; and 4) test the workflow with a harmless skill to confirm it truly halts installation until you explicitly confirm.
Like a lobster shell, security has layers — review code before you run it.
