ClawHub

Skill Vetter

Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
651 · 153k · 3k current installs · 3k all-time installs
by@spclaudehome
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (skill vetting) match the SKILL.md: it provides a checklist and commands to inspect repos and files. It does not request unrelated credentials, binaries, or installs.
Instruction Scope
Instructions direct the agent to read and review all files of a candidate skill and to run GitHub API/raw content queries for GitHub-hosted skills. This is appropriate for vetting, but the instructions assume the agent may perform network calls and full file reads — ensure the agent is authorized to access those repos and that you intend that level of access.
Install Mechanism
No install spec and no code files — lowest-risk model. The provided quick-commands use curl/jq against GitHub; those are reasonable for repo inspection and do not introduce installation-time downloads or extracted archives.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to a vetting/checklist skill.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request persistent system presence or attempt to modify other skills or system-wide settings.
Assessment
This is a coherent, low-risk instruction-only vetting skill: it contains a sensible checklist and GitHub query examples and does not ask for secrets or installs. Before using it, remember: (1) vetting requires the agent to read candidate skill files and may perform network calls — confirm you want those permissions; (2) the checklist helps detect obvious red flags but does not guarantee detection of cleverly obfuscated or time-delayed malicious code, so for high-risk skills perform a human code review; (3) run the quick curl commands from a controlled environment (no privileged credentials in the shell) and avoid pasting sensitive tokens into outputs. If you want stronger guarantees, require manual human approval for skills classified as MEDIUM+ or that request any credentials.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk978d3cmths4ddks45veag5yq5809mez

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Skill Vetter 🔒

Security-first vetting protocol for AI agent skills. Never install a skill without vetting it first.

When to Use

  • Before installing any skill from ClawdHub
  • Before running skills from GitHub repos
  • When evaluating skills shared by other agents
  • Anytime you're asked to install unknown code

Vetting Protocol

Step 1: Source Check

Questions to answer:
- [ ] Where did this skill come from?
- [ ] Is the author known/reputable?
- [ ] How many downloads/stars does it have?
- [ ] When was it last updated?
- [ ] Are there reviews from other agents?

Step 2: Code Review (MANDATORY)

Read ALL files in the skill. Check for these RED FLAGS:

🚨 REJECT IMMEDIATELY IF YOU SEE:
─────────────────────────────────────────
• curl/wget to unknown URLs
• Sends data to external servers
• Requests credentials/tokens/API keys
• Reads ~/.ssh, ~/.aws, ~/.config without clear reason
• Accesses MEMORY.md, USER.md, SOUL.md, IDENTITY.md
• Uses base64 decode on anything
• Uses eval() or exec() with external input
• Modifies system files outside workspace
• Installs packages without listing them
• Network calls to IPs instead of domains
• Obfuscated code (compressed, encoded, minified)
• Requests elevated/sudo permissions
• Accesses browser cookies/sessions
• Touches credential files
─────────────────────────────────────────

Step 3: Permission Scope

Evaluate:
- [ ] What files does it need to read?
- [ ] What files does it need to write?
- [ ] What commands does it run?
- [ ] Does it need network access? To where?
- [ ] Is the scope minimal for its stated purpose?

Step 4: Risk Classification

Risk LevelExamplesAction
🟢 LOWNotes, weather, formattingBasic review, install OK
🟡 MEDIUMFile ops, browser, APIsFull code review required
🔴 HIGHCredentials, trading, systemHuman approval required
⛔ EXTREMESecurity configs, root accessDo NOT install

Output Format

After vetting, produce this report:

SKILL VETTING REPORT
═══════════════════════════════════════
Skill: [name]
Source: [ClawdHub / GitHub / other]
Author: [username]
Version: [version]
───────────────────────────────────────
METRICS:
• Downloads/Stars: [count]
• Last Updated: [date]
• Files Reviewed: [count]
───────────────────────────────────────
RED FLAGS: [None / List them]

PERMISSIONS NEEDED:
• Files: [list or "None"]
• Network: [list or "None"]  
• Commands: [list or "None"]
───────────────────────────────────────
RISK LEVEL: [🟢 LOW / 🟡 MEDIUM / 🔴 HIGH / ⛔ EXTREME]

VERDICT: [✅ SAFE TO INSTALL / ⚠️ INSTALL WITH CAUTION / ❌ DO NOT INSTALL]

NOTES: [Any observations]
═══════════════════════════════════════

Quick Vet Commands

For GitHub-hosted skills:

# Check repo stats
curl -s "https://api.github.com/repos/OWNER/REPO" | jq '{stars: .stargazers_count, forks: .forks_count, updated: .updated_at}'

# List skill files
curl -s "https://api.github.com/repos/OWNER/REPO/contents/skills/SKILL_NAME" | jq '.[].name'

# Fetch and review SKILL.md
curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/skills/SKILL_NAME/SKILL.md"

Trust Hierarchy

  1. Official OpenClaw skills → Lower scrutiny (still review)
  2. High-star repos (1000+) → Moderate scrutiny
  3. Known authors → Moderate scrutiny
  4. New/unknown sources → Maximum scrutiny
  5. Skills requesting credentials → Human approval always

Remember

  • No skill is worth compromising security
  • When in doubt, don't install
  • Ask your human for high-risk decisions
  • Document what you vet for future reference

Paranoia is a feature. 🔒🦀

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…