ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Vet Repo

v1.1.1

Scan repository agent configuration files for known malicious patterns

0· 1.2k·0 current·0 all-time
by@itsnishi

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for itsnishi/vet-repo.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Vet Repo" (itsnishi/vet-repo) from ClawHub.
Skill page: https://clawhub.ai/itsnishi/vet-repo
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install vet-repo

ClawHub CLI

Package manager switcher

npx clawhub@latest install vet-repo
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included artifacts: the package ships a Python scanner (scripts/vet_repo.py) and a large pattern DB (scripts/patterns.py) that are directly used to scan agent-related config files. Nothing requested by the skill (no env vars, no external binaries) appears disproportionate to the stated purpose.
Instruction Scope
SKILL.md instructs the user/agent to run the local Python script against a given PROJECT_ROOT. The scanner reads a defined set of config files (.claude/, .mcp.json, CLAUDE.md, .vscode, .cursor) and supporting skill scripts (.py, .sh) and reports matches. This is consistent with the stated goal, but note it will read arbitrary files under the scan scope and will print matched contents (including any secrets it finds). The instructions do not execute repository code; they only open and inspect files.
Install Mechanism
No install spec or remote downloads are used. The skill is delivered with its Python scripts and runs locally; no external package fetching or archive extraction occurs.
Credentials
The skill requests no environment variables or credentials. The patterns include detections for secrets and sensitive configs (expected for a scanner), but the skill itself does not request access to those secrets or attempt to store them.
Persistence & Privilege
always is false and disable-model-invocation is true (the skill will not be autonomously invoked by the model). The skill does not modify other skills or global agent settings; it only reads repository files and prints a report.
Assessment
This looks like a legitimate repo scanner, but take the usual precautions before running code from an unknown source: 1) review scripts/vet_repo.py and scripts/patterns.py yourself to confirm behavior, 2) run the scanner on a copy of the repository or inside an isolated/containerized environment, 3) run it offline if you want to avoid accidental network access from other tools, and 4) be aware the scanner will surface any detected secrets or sensitive lines in its output — consider restricting output storage or scanning only non-sensitive copies. If you want stronger guarantees, inspect the pattern DB for false positives/negatives and run the script under restricted privileges.
scripts/patterns.py:357
Shell command execution detected (child_process).
scripts/patterns.py:350
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d06ar8feca9hhdjq4e65w0s83papd
1.2kdownloads
0stars
3versions
Updated 11h ago
v1.1.1
MIT-0
@itsnishi
latest
Download

vet-repo -- Repository Agent Config Scanner

Scan all agent configuration files in a repository for known malicious patterns. Use this when entering an unfamiliar codebase to assess agent-level security risks before trusting the repo's configurations.

What to do

Run the scanner script against the current project root:

python3 "$SKILL_DIR/scripts/vet_repo.py" "$PROJECT_ROOT"

Where $SKILL_DIR is the directory containing this SKILL.md, and $PROJECT_ROOT is the root of the repository being scanned.

What it scans

  • .claude/settings.json -- hook configs (auto-approve, stop loops, env persistence)
  • .claude/skills/ -- all SKILL.md files (hidden comments, curl|bash, persistence triggers)
  • .mcp.json -- MCP server configs (unknown URLs, env var expansion, broad tools)
  • CLAUDE.md / .claude/CLAUDE.md -- instruction injection in project config

Output

Structured report with findings grouped by severity (CRITICAL, HIGH, MEDIUM, LOW, INFO) and actionable recommendations for each finding.

When to use

  • Before trusting a cloned repository's agent configurations
  • After pulling changes that modify .claude/ or .mcp.json
  • As part of a security review of any codebase with agent integration

Advisory hooks

This repository includes PreToolUse hooks in .claude/settings.json that warn on dangerous Bash commands (pipe-to-shell, rm -rf /, chmod 777, eval with variables, base64-to-execution) and sensitive file writes (.ssh/, .aws/, .gnupg/, shell profiles, settings.json).

These hooks are advisory only -- they produce warning messages but do not block execution. An agent or user can proceed past the warning.

  • The hooks are a supplementary signal, not an enforcement layer
  • vet-repo is the primary detection mechanism for repo-level threats
  • Deterministic blocking requires changing the hook to return {"decision": "block"} instead of a warning message
  • See .claude/settings.json for the current hook definitions

Comments

Loading comments...