ClawHub

Fox Skill Vetter

v1.0.0

Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...

0· 64·1 current·1 all-time
byGarfieldQin@qinthqod·fork of @spclaudehome/skill-vetter (1.0.0)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the content: it's a vetting checklist that asks the agent to review skill files and metadata. It does not request credentials, binaries, or installs, which is proportionate. Minor inconsistency: the provided registry metadata ownerId/slug differ from the _meta.json ownerId/slug (registry shows ownerId 'kn78159cvc1zjyb32x3nchgy6982v9kc' and slug 'fox-skill-vetter', while _meta.json contains ownerId 'kn71j6xbmpwfvx4c6y1ez8cd718081mg' and slug 'skill-vetter'). That mismatch is unexplained and worth verifying with the publisher before trusting the skill.
Instruction Scope
SKILL.md stays within vetting scope: it instructs reading all files of a candidate skill, listing red flags, evaluating permission scope, producing a structured report, and gives example curl commands to query GitHub. These actions are appropriate for a vetter. Note: the examples include network fetches (GitHub API, raw.githubusercontent), so running the vetter implies network access; also the guidance to 'read ALL files' means the agent will inspect any content present, which is expected but sensitive.
Install Mechanism
Instruction-only skill with no install spec and no code files — no code is written to disk by this skill and nothing is installed. This is the lowest-risk install model.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. Its instructions do not request secrets or external tokens. This is proportionate for a vetting checklist.
Persistence & Privilege
always:false and default model invocation settings are used. The skill can be invoked autonomously (the platform default); that is reasonable for a vetter, but you should consider governance controls if you allow it to run without human oversight because it may perform network fetches and full-file inspections when invoked.
Scan Findings in Context
[no_code_files_found] expected: The regex scanner had no code to analyze because this is an instruction-only skill; that is expected for a checklist-style vetter.
Assessment
This skill is internally coherent and appears to do what it says: a checklist for vetting other skills. Before installing or allowing automated runs: (1) verify the publisher/owner identity — the _meta.json ownerId/slug does not match the registry metadata shown here, which could indicate a packaging or copy issue; (2) decide whether you want this vetter to run autonomously — it may perform network fetches (GitHub API/raw.githubusercontent) and read all files of candidate skills, so grant only the minimal runtime permissions you trust; (3) if you rely on its automated report to make install decisions, spot-check its findings manually for high-risk skills; and (4) confirm your platform/network policy for allowing curl/github access to avoid accidental data exposure.

Like a lobster shell, security has layers — review code before you run it.

latestvk976c2vyrd2pf7mxwtsyhn6exx83w8dr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments