VibeSafe — Security Pre-Flight for AI Coding Agents
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: nerua1-vibe-safe
Version: 1.1.0
The skill bundle implements a security auditing workflow that requires the AI agent to execute shell commands, install software (pip-audit), and make external network requests to various APIs (api.osv.dev, api.github.com, and api.deps.dev). While these actions are aligned with the stated goal of auditing dependencies and enforcing a secrets policy, the requirement for broad shell execution and network access in SKILL.md constitutes a high-risk capability. There is no evidence of malicious intent, but the reliance on executing constructed strings in bash and installing packages mid-flow warrants a suspicious classification for an agentic tool.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the skill text were later modified or sourced from an untrusted location, it could strongly steer the agent's behavior.
Putting a skill file into a system prompt elevates its instructions above normal user/context text. In this artifact it is disclosed as Kimi integration guidance, not hidden behavior.
For Kimi, prepend the skill file to your system prompt:
Only add reviewed, trusted skill text to a system prompt, and avoid combining it with untrusted project content.
Dependency names and repository identifiers may be sent to OSV.dev, GitHub, or deps.dev during audits.
The skill instructs the agent to run audit tools and query public vulnerability services. This is expected for dependency auditing, but it is still agent-driven tool use.
Run these checks. Use real tools when available. Always run at least the OSV API check
Use the skill when external vulnerability lookups are acceptable, and avoid sending confidential private package names to public services unless approved.
The agent could modify the Python environment by installing pip-audit before running a scan.
The skill may install and run a Python audit package if it is missing. That local environment change is purpose-aligned but should not be surprising.
pip show pip-audit > /dev/null 2>&1 || pip install pip-audit --quiet
Prefer a virtual environment or user-scoped install, and require confirmation before package installation if you do not want the agent changing your environment.
Following the README quick start could execute code that was not included in this review.
The README documents running helper scripts from an external repository, while the reviewed OpenClaw artifact contains no code files for those scripts.
git clone https://github.com/nerua1/vibe-safe ... chmod +x tools/audit.sh ... ./tools/audit.sh /path/to/your/project
Review or pin the external repository and inspect tools/audit.sh before running it; the instruction-only skill itself does not include that script.
A stale or incorrectly generated stay_safe.md could cause future reviewers or agents to over-trust old audit results.
The skill creates a persistent repository artifact intended to influence future human and agent decisions.
This certificate can be committed to your repo. It tells reviewers and future AI agents: "these dependencies were vetted."
Treat stay_safe.md as time-limited evidence, re-run audits after dependency changes, and do not treat the certificate as a permanent security guarantee.
