Install
openclaw skills install @nutstrut/skill-vetter-v2Verification-guided review workflow for inspecting skill packages before use or publication. Classifies risk and flags claims that exceed evidence. Does not itself perform cryptographic verification, emit receipts, or prove a skill is safe.
openclaw skills install @nutstrut/skill-vetter-v2Skill Vetter v2 is a verification-guided review skill for inspecting Claude/OpenClaw skill packages before use or publication.
It helps identify risky instructions, unclear authority boundaries, hidden assumptions, undeclared egress, provenance gaps, and claims that exceed evidence.
This skill does not itself perform cryptographic verification, emit Settlement Attestation Receipts, or prove that a skill is safe. It is a structured review workflow.
For actual receipt verification, use SettlementWitness or DefaultVerifier MCP verify_receipt.
Category: verifiability-guided workflow skill.
Boundary: Skill Vetter v2 reviews claims and risk signals; it does not certify, approve, execute, or cryptographically verify artifacts.
Analyze skills before installation or use. Classify capabilities, risks, and trust dependencies with structured local review. Optionally verify the completed report with SettlementWitness.
This is a packaged vetting skill, not a thin wrapper. It preserves local inspection as the primary decision path and adds an optional verification layer for auditability.
This skill defines a local review workflow with an optional verification step for the final report.
Never outsource the safety decision.
External systems may help verify that a report was produced correctly, but the actual judgment about whether a skill should be trusted remains local and reviewable.
| Situation | Action |
|---|---|
| New skill from unknown source | Run full local vetting workflow |
| Skill asks for secrets or credentials | Escalate risk immediately |
| Skill writes outside workspace | Mark as high risk unless clearly justified |
| Skill calls external services | Classify trust dependency and data exposure |
| Skill contains obfuscation or hidden execution | Mark unsafe |
| Final report is complete | Optionally verify the report structure and verdict consistency |
| Verification returns PASS | Attach receipt metadata to the report |
| Verification returns FAIL | Re-check findings and correct the report |
| Verification returns INDETERMINATE | Hold for manual review; do not treat as verified |
Skill Vetter v2 evaluates a target skill across four dimensions:
Purpose and scope What the skill claims to do, and whether its requested capabilities match that purpose.
Install-time behavior File writes, package installs, hooks, system changes, or bootstrap modifications.
Runtime behavior Commands, file access, network access, external APIs, tool usage, and data handling.
Trust dependency Whether the skill depends on transparent and reviewable systems, or on opaque and unverifiable services.
Inspect the skill package locally
SKILL.mdREADME.md and referencesIdentify declared and implied capabilities
Evaluate risk
Generate a structured report
Optional: verify the completed report
Review for:
Review for:
Classify the skill's external dependencies:
Reject or escalate immediately if you find:
{
"skill_name": "...",
"purpose": "...",
"source": "clawhub | github | local | other",
"capabilities": ["..."],
"install_risk": "low | medium | high | extreme",
"runtime_risk": "low | medium | high | extreme",
"trust_dependency": "none | transparent | opaque",
"warnings": ["..."],
"recommendations": ["..."],
"verdict": "safe | caution | unsafe",
"verified": false,
"verification": {
"status": "not_run | pass | fail | indeterminate",
"receipt_id": null,
"notes": ""
}
}
{
"skill_name": "example-email-sender",
"source": "github",
"description": "Sends automated emails using an external API",
"files": ["SKILL.md", "scripts/send-email.sh"]
}
{
"skill_name": "example-email-sender",
"purpose": "Send automated emails via external API",
"source": "github",
"capabilities": [
"network access",
"external API calls",
"file read/write"
],
"install_risk": "low",
"runtime_risk": "medium",
"trust_dependency": "opaque",
"warnings": [
"Uses external API with unclear data handling",
"No transparency on where email content is sent"
],
"recommendations": [
"Verify API endpoint and data handling policy",
"Limit data exposure before use"
],
"verdict": "caution",
"verified": false,
"verification": {
"status": "not_run",
"receipt_id": null,
"notes": ""
}
}
Use verification only after the local review is complete.
Recommended pattern:
Define a deterministic verification spec for the report
Submit only the structured report and spec
Interpret results conservatively
verified: trueverified: falseverified: false and escalate for manual reviewVerification is optional and must never override local safety concerns.
OpenClaw is the best fit for this skill because it supports packaged skills, hooks, and workspace context.
Via ClawHub:
clawdhub install skill-vetter-v2
Manual:
This legacy package does not currently publish a source install URL. Use the ClawHub listing/package as the reference artifact.
Install the reminder hook if you want a prompt to vet skills before trusting them:
cp -r hooks/openclaw ~/.openclaw/hooks/skill-vetter-v2
openclaw hooks enable skill-vetter-v2
Run the local helper against a skill folder:
bash scripts/scan-skill.sh /path/to/skill
This helper inventories files and flags common red-patterns locally. It does not make network calls.
Use this skill with Claude Code, Codex, Copilot, or other agents by copying the package into your skills directory and reviewing target skills locally.
Suggested workflow:
SKILL.mdAgents can:
This version clarifies that the skill is a verifiability-guided workflow aid. It does not itself perform cryptographic verification, emit Settlement Attestation Receipts, verify receipts, verify signatures, prove that a skill is safe, or approve execution. For receipt verification, use SettlementWitness or DefaultVerifier MCP verify_receipt.
ai-agents, skill-safety, risk-analysis, verification, trust, security