Skill Vetter v2
Security checks across malware telemetry and agentic risk
Overview
This appears to be a coherent local skill-review helper, with disclosed optional hooks and verification steps that users should enable or share with deliberately.
This skill is reasonable to use as a local vetting aid. Before installing, confirm the package source and version, run its scan helper only on intended skill folders, enable the OpenClaw hook only if you want persistent startup reminders, and keep any SettlementWitness verification payload minimal and free of secrets.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could be looking at a package whose embedded metadata does not exactly match the registry listing.
The supplied registry metadata lists a different owner ID and version, so users should confirm they are installing the intended package. This is a provenance/package-consistency note, not evidence of hidden behavior.
"ownerId": "kn71j6xbmpwfvx4c6y1ez8cd718081mg", "version": "2.0.0"
Verify the source, owner, and version before relying on the skill, especially because the listed source is unknown and there is no homepage.
Running the helper on a broad private folder may expose sensitive-looking lines in the local terminal or report draft.
The helper enumerates and searches a user-provided directory. This is expected for vetting, but it can print matching file lines, including credential-like strings, to local output.
find "$TARGET" -maxdepth 4 -type f | sort ... grep -RInE ... "$TARGET"
Run the helper only against the intended skill directory and avoid copying raw secret-looking output into shared reports or verification payloads.
The agent may receive repeated safety-review reminders in future sessions after the hook is enabled.
If the optional hook is enabled, it modifies main-agent bootstrap context by adding a virtual reminder. The behavior is disclosed and advisory, but it is persistent at bootstrap.
if (event.type !== 'agent' || event.action !== 'bootstrap') return; ... event.context.bootstrapFiles.push({ path: 'SKILL_VETTER_V2_REMINDER.md', ... virtual: true })Enable the hook only if you want this persistent reminder, and disable it if it interferes with normal agent startup behavior.
If a report contains private repository details, secrets, or sensitive findings, sending it for verification could disclose that information.
The skill describes an optional external SettlementWitness verification flow for completed reports. The documentation scopes the payload and warns against sending sensitive data.
Optional verification is used only after local review is complete. It can validate that the final report matches a deterministic spec ... send only structured report data ... never send secrets
Use optional verification only with a minimal sanitized report, and treat a PASS result as report-format evidence rather than proof that the reviewed skill is safe.
Future reviews could be influenced by whatever is written into these local learning files.
The package includes local persistent learning files intended to influence future vetting workflow. This is purpose-aligned, but stored notes should not contain secrets or untrusted instructions.
Use this directory for improvements to the vetting workflow. Examples: recurring red-flag patterns ... false positives to avoid
Keep learning notes factual and sanitized, and avoid storing private data, credentials, or instructions copied from untrusted skills.