Skillvet
Warn. Audited by ClawScan on May 10, 2026.
Overview
Skillvet is a purpose-aligned local security scanner, but a scanned skill can include its own suppression config that disables checks, so its results can be bypassed.
Review this skill before relying on it as a security gate. It appears to scan locally and does not show exfiltration, but do not trust clean results for untrusted skills unless suppressions from the scanned directory are disabled or separately reviewed. Prefer the remote scan workflow before installing high-risk skills.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or careless skill could ship a .skillvetrc that disables the checks most likely to flag it, causing Skillvet to report a cleaner result than warranted.
The scanner automatically trusts a config file inside the scanned skill directory to disable checks. When vetting an untrusted skill, this lets the target being scanned decide which of the scanner's checks are applied to it.
SKILLVETRC="$SKILL_DIR/.skillvetrc" ... disable:*) DISABLED_CHECKS+="${rc_line#disable:} " ;; ... is_check_disabled()
Ignore target-provided suppressions by default for untrusted scans, or require an explicit user flag and clearly list all disabled checks in the output.
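One way to implement that recommendation, written here as an added example in the scanner's shell dialect (this is not Skillvet's own code; the function names, the opt-in argument and the sample .skillvetrc are assumptions): a target-provided suppression file is ignored unless the operator explicitly opts in, and any checks it does disable are printed so they cannot be hidden.

```shell
# Added example, not Skillvet's code. Suppressions from the scanned directory are
# honoured only when the second argument is 1 (an explicit operator opt-in), and
# every disabled check is reported on stderr. Format: one "disable:<check>" per line.
DISABLED_CHECKS=""

# load_suppressions SKILL_DIR [ALLOW_TARGET_RC]
load_suppressions() {
    skill_dir="$1"; allow="${2:-0}"; rc="$skill_dir/.skillvetrc"
    DISABLED_CHECKS=""
    [ -f "$rc" ] || return 0
    if [ "$allow" != "1" ]; then
        # Default for untrusted scans: the target cannot turn checks off.
        printf 'NOTICE: ignoring target-provided %s (opt in to honour it)\n' "$rc" >&2
        return 0
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            disable:*) DISABLED_CHECKS="$DISABLED_CHECKS ${line#disable:}" ;;
        esac
    done < "$rc"
    DISABLED_CHECKS="${DISABLED_CHECKS# }"
    if [ -n "$DISABLED_CHECKS" ]; then
        # Make the suppression visible in the scan output rather than silent.
        printf 'WARNING: target .skillvetrc disabled checks: %s\n' "$DISABLED_CHECKS" >&2
    fi
    return 0
}

# is_check_disabled CHECK: exit 0 only on a whole-word match in DISABLED_CHECKS
is_check_disabled() {
    case " $DISABLED_CHECKS " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on a constructed .skillvetrc (sample input, not a real skill).
demo_dir=$(mktemp -d)
printf 'disable:exfil\ndisable:obfuscation\n' > "$demo_dir/.skillvetrc"
load_suppressions "$demo_dir"        # default: NOTICE, nothing disabled
is_check_disabled exfil && echo "exfil disabled" || echo "exfil still checked"
load_suppressions "$demo_dir" 1      # explicit opt-in: WARNING lists both checks
is_check_disabled exfil && echo "exfil disabled" || echo "exfil still checked"
rm -rf "$demo_dir"
```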
If installation itself has side effects, the audit may happen after some changes have already occurred.
The safe-install workflow performs the install action before running the audit. This is disclosed by the script, but users should not mistake it for a pure pre-install scan.
OUTPUT=$(cd "$WORKDIR" && clawdhub install "$SLUG" "$@" 2>&1) ... AUDIT_OUTPUT=$("$SCRIPT_DIR/skill-audit.sh" "$SKILL_DIR" 2>&1)
Use the remote/temporary scan workflow first for higher-risk skills, and reserve safe-install for cases where installing before audit is acceptable.
Some advertised detections may be weaker than, or different from, what is documented if the referenced signature file is absent.
The scanner references a patterns.b64 signature file, but the supplied file manifest does not include it; the script falls back to simpler built-in patterns.
PATTERNS_FILE="$SCRIPT_DIR/patterns.b64"
Package the referenced signature file, document the fallback behavior clearly, and make missing signature data visible in scan output.
If enabled, future Git commits may run Skillvet automatically; the referenced hook file is not present in the supplied manifest.
The documentation includes a user-directed command to install a Git pre-commit hook, which is persistent local automation that runs on future commits.
ln -sf ../../scripts/pre-commit-hook .git/hooks/pre-commit
Only install the hook after verifying the hook file exists and contains the behavior you expect.
