aegis-skill-vetter

v2.0.0

Enterprise-grade security vetting protocol for AI agent skills. Automated threat detection, quantified risk scoring, and zero-trust code analysis.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name and description (skill vetter) match the SKILL.md content: it lists source reputation checks, static scanning, dependency analysis, and permission checks. The actions it asks for (grep, curl to the GitHub API, reading package manifests, running npm/pip audits) are reasonable for a vetting tool.
Instruction Scope
The SKILL.md instructs the agent to run many shell commands (grep, curl, ls, cat, jq, npm audit, pip-audit, etc.) across a skill folder and to inspect indicators that may reference sensitive paths (e.g., ~/.ssh, ~/.aws) and files. Those operations are coherent for vetting, but they give the skill broad discretion to read workspace files and scan for patterns; the protocol also contains automatic immediate-reject heuristics which may be aggressive and could produce false positives. There is no explicit instruction to transmit results to third-party endpoints other than standard API calls (GitHub API via curl).
Install Mechanism
Instruction-only (no install). This minimizes disk footprint, but the instructions assume availability of tools (jq, curl, grep, npm/pip audit tools, pip-audit, cargo-audit, etc.) without declaring or installing them. If these tools are not present the workflow will fail; conversely, granting shell access to supply them is required to run the vetter fully.
Credentials
The skill does not request environment variables or credentials in the manifest, which is appropriate. However, the runtime instructions explicitly search source for references to credential files and config paths and read workspace directories (e.g., ~/.openclaw/workspace/skills/). That access is proportionate to vetting, but users should be aware the skill will inspect local skill code and metadata and may surface sensitive indicators found in that code.
Persistence & Privilege
No elevated persistence requested (always:false). The skill does not modify other skills or system-wide agent settings in its instructions. Autonomous invocation is allowed (platform default), which is normal for a vetter but increases blast radius if the skill were malicious—however there is no claim of forced inclusion or self-enablement.
Assessment
This skill is internally coherent for the purpose of vetting other skills, but before installing or allowing it to run: (1) Only run it when you trust the skill source (author/homepage unknown here); (2) Run the vetter against a copy of the target skill in an isolated environment (or sandbox) until you’re confident in its behavior; (3) Confirm required command-line tools (curl, jq, grep, npm/pip audit tools, etc.) are available in the environment or accept that the vetter will fail; (4) Expect the vetter to read your workspace/skill folders and scan code for credential patterns—do not point it at directories with raw secrets; (5) Review automatic-reject rules (they are aggressive and may cause false positives) and consider performing manual review for hits before permanently refusing installation. If you provide the skill's origin/author or a homepage, reassess confidence upward.


Tags: ai-agent, audit, latest, review, safety, security, vetting

