Vivi Skill Vetter

Verdict: Pass. Audited by ClawScan on May 1, 2026.

Overview

The skill appears purpose-aligned as a local security vetting aid, with cautions to verify its source and scan only intended skill folders.

This looks safe to use as a vetting aid. Before installing or running it, verify the publisher if possible, briefly inspect the Python script, run it only on the skill you want to review, and keep generated reports private if they include file excerpts.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A skill being reviewed could contain instructions aimed at the agent; this vetting skill is meant to analyze that content, not obey it.

Why it was flagged

The workflow intentionally brings untrusted skill artifacts into the agent's review context.

Skill content

Use BEFORE installing any skill from: ... Untrusted sources ... clawhub inspect <slug> ... git clone <repo> /tmp/skill-review

Recommendation

Keep candidate skill text quoted or otherwise neutralized during review, and treat all reviewed content as evidence only.

What this means

Running the helper executes code from the skill package on the chosen directory.

Why it was flagged

The skill directs the user to run an included local Python scanner. This is disclosed and aligned with the vetting purpose.

Skill content

python3 scripts/vet_skill.py <skill-directory>

Recommendation

Review the included script before use and run it only against the candidate skill directory or a copy of it.

What this means

If pointed at personal or credential-containing folders, scan output or reports could expose local file snippets.

Why it was flagged

The scanner reads files and captures surrounding context for matches, which can include excerpts from whatever directory the user supplies.

Skill content

content = file_path.read_text(encoding='utf-8', errors='ignore') ... context = '\n'.join(lines[context_start:context_end])

Recommendation

Scan only the intended skill source directory, avoid broad home-directory scans, and keep generated reports private or redact them before sharing.

What this means

Users have less external context for confirming who maintains the scanner or comparing it to an upstream release.

Why it was flagged

The metadata does not provide an upstream source or homepage for independently verifying the included helper script's provenance.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the publisher and inspect the included files before relying on the tool for security decisions.