ClawHub

Skill Security Vetting

v1.0.0

Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...

0· 162·0 current·0 all-time
by@hsyhph·duplicate of @fedrov2025/skill-vetter-1-0-0
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (a skill vetter) matches the instructions: it mandates reviewing files, checking sources, and querying public GitHub endpoints. It does not request unrelated binaries, credentials, or system configuration, which is proportionate for a vetting tool.
Instruction Scope
Instructions explicitly require reading "ALL files in the skill" and running curl against GitHub APIs/raw.githubusercontent for GitHub-hosted skills. This is appropriate for a vetter, but it grants broad read access to the skill package and requires network access to GitHub. The SKILL.md also instructs checking for reads of sensitive paths (e.g., ~/.ssh, ~/.aws) which is sensible as a red flag. Ensure the agent's runtime scope is limited to the skill's files and public network endpoints when following these steps.
Install Mechanism
No install spec or code files are present (instruction-only). Nothing is written to disk by the skill itself — lowest-risk installation footprint.
Credentials
The skill declares no required environment variables, credentials, or config paths. The instructions do not instruct reading env vars or secret files (they explicitly list those as red flags). This is proportionate.
Persistence & Privilege
always is false and there is no installation or self-modifying behavior. The skill does not request persistent presence or elevated privileges.
Assessment
This is a coherent, instruction-only vetter appropriate for pre-install checks. Before using it, ensure the agent executing these instructions is sandboxed so "read ALL files" is scoped to the skill package (not the whole filesystem). The vetting commands use public GitHub endpoints — avoid running them against private/restricted hosts unless you trust the network. Remember: the vetter reports red flags but does not itself verify semantics; for HIGH/EXTREME cases perform a manual human review and do not grant credentials or elevated rights to a skill based solely on this automated report.

Like a lobster shell, security has layers — review code before you run it.

latestvk97csj16f4qsm9kg6a87y4hwys83z3kp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments