aegis-skill-vetter

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent instruction-only security checklist with no code or credentials, but its shell/network checks and strong assurance language should be used carefully.

This skill appears safe to install as an instruction-only security review aid. Before using it, remember that its command snippets may access the network or scan local files, so run them only in the intended skill directory and do not treat its recommendation as a substitute for trusted security review.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If copied carelessly, the commands could query external services or scan the wrong local directory, though the behavior is disclosed and purpose-aligned.

Why it was flagged

The skill documents shell and network commands with placeholders and recursive scans. This is expected for a security vetting workflow, but the commands should be scoped and reviewed before execution.

Skill content

skillhub info <skill-name> ... curl -s "https://api.github.com/repos/{owner}/{repo}" ... grep -r ... .

Recommendation

Run examples only inside the candidate skill folder, quote or sanitize placeholder values, and confirm before executing commands that access the network or filesystem.

What this means

Users may have less ability to verify who maintains the vetting policy or whether it reflects current best practices.

Why it was flagged

The skill itself has limited provenance information. That does not show malicious behavior, but it matters because the skill is intended to influence security decisions.

Skill content

Source: unknown; Homepage: none

Recommendation

Treat it as an unverified checklist and compare important decisions with trusted platform guidance or a known security review process.

What this means

An agent or user could give the skill's recommendation more weight than the evidence supports.

Why it was flagged

The skill uses strong authority and assurance language. In context this supports a security-review purpose, but users should not over-trust an instruction-only checklist as a complete guarantee.

Skill content

"Aegis protects, Aegis decides."

Recommendation

Use the output as decision support, and keep human confirmation for installs, rejections, or other high-impact security decisions.