Skill Vetter (by Azhua)
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only security checklist, with only optional GitHub command examples that users should run carefully.
This skill appears safe to install as an instruction-only vetting checklist. Before using its quick commands, confirm the GitHub repository details and avoid treating downloaded content as trusted instructions.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed, the agent may fetch repository metadata or skill files from GitHub for review.
The skill documents shell commands that make network requests to GitHub. They are examples for the stated vetting purpose, not hidden or automatic execution, but users should verify targets before running them.
For GitHub-hosted skills: ```bash curl -s "https://api.github.com/repos/OWNER/REPO" | jq ... curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/skills/SKILL_NAME/SKILL.md" ```
Use these commands only with trusted, user-confirmed owner/repo values and treat any fetched skill content as untrusted evidence.