ClawHub

HIIC-skill-vetter

v1.0.0

Practical skill vetting workflow for AI agents. Prioritizes clear yes/no risk judgments, concise conclusions, and business-aware risk tolerance before instal...

0· 132·0 current·0 all-time
byHIIC-Wayne@waytobetter619

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for waytobetter619/hiic-skill-vetter.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "HIIC-skill-vetter" (waytobetter619/hiic-skill-vetter) from ClawHub.
Skill page: https://clawhub.ai/waytobetter619/hiic-skill-vetter
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install hiic-skill-vetter

ClawHub CLI

Package manager switcher

npx clawhub@latest install hiic-skill-vetter
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (a skill-vetter) matches the included assets (SKILL.md, vet_scan.py, vet-scan.sh). No unrelated env vars, binaries, or platform credentials are requested.
Instruction Scope
Runtime instructions are limited to reviewing SKILL.md and running the included scanner against a target skill directory. The scanner only reads files under the provided target directory (root.rglob) and looks for risky patterns; it does not instruct reading system-wide secrets or making outbound network calls.
Install Mechanism
No install spec. This is an instruction-only skill with local Python/shell helpers. There are no downloads or archive extraction steps; importing yaml is optional and not installed automatically.
Credentials
The skill declares no environment variables or credentials. The scanner searches for tokens/patterns inside the target directory but does not require or access external secrets itself.
Persistence & Privilege
always is false and the skill does not attempt persistence, system service installation, or elevated operations. The code contains no sudo/chown/chmod root operations.
Scan Findings in Context
[dynamic_execution_patterns_present_in_scanner] expected: The scanner contains regexes for eval/exec/bash -c/subprocess — this is intentional: the vetter looks for those patterns in other skills to flag dynamic execution risks.
[sensitive_file_patterns_present_in_scanner] expected: Patterns for .env, ~/.ssh, ~/.aws, token, cookie, etc., appear in the scanner. This is appropriate because the tool's purpose is to detect sensitive-access indicators in target skill directories.
[network_call_patterns_present_in_scanner] expected: Regexes for curl/wget/https:///requests/axios are present; expected because the vetter searches for outbound/network-related code in scanned skills.
Assessment
This skill is a local vetting helper and appears safe to use. It will read files under whatever directory you point it at (so do not run it against directories that contain your real secrets like ~/.ssh or other private data). The scanner only inspects files and patterns — it does not itself make network calls or change system settings. Two practical precautions: (1) run the scanner in a sandbox or on a copy of the skill directory if it contains credentials, and (2) remember the vetter is an automated triage helper with a 'safe-by-default' policy and concise outputs — follow up with manual review for anything flagged as medium/high risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk97be1ztjgtzby728renx3pwph83k80a
132downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
HIIC-Wayne@waytobetter619
latest
Download

HIIC Skill Vetter

A practical, business-aware vetting workflow for OpenClaw skills.

Goal: give a short, clear conclusion about whether a skill is safe to use, without over-penalizing normal capabilities like external API access, scheduled tasks, screenshots, or documented platform credentials.

When to Use

Use this skill when:

  • the user asks whether a skill is safe
  • the user wants a quick vet before installing a skill
  • the user wants a concise risk conclusion instead of a long report
  • the user wants a portfolio-wide skill review

Core Policy

Default stance

A skill is considered safe by default unless there is evidence of one of the following:

  • privilege escalation
  • hidden or unrelated sensitive-data access
  • hidden external exfiltration
  • dynamic execution of untrusted input
  • obvious behavior beyond the claimed scope

Important calibration rules

The following do not automatically make a skill unsafe:

  • documented external API access
  • reading .env, tokens, cookies, or API keys that are clearly required for the skill's purpose
  • cron / session / service / screenshot / browser state features
  • package installation steps that are explicit and relevant
  • platform/account integration when it is the point of the skill

These should usually be treated as:

  • normal capability, or
  • caution item, not rejection

Judgment Standard

Output should be short and explicit.

Use this format:

SKILL VETTING REPORT
═══════════════════════════════════════
Skill: [name]
Source: [local / GitHub / ClawHub / other]
───────────────────────────────────────
RISKS:
• External Access: [Yes / No]
• Sensitive Access: [Yes / No / Required for stated purpose]
• Dynamic Execution: [Yes / No]
• Privilege Escalation: [Yes / No]
• Scope Mismatch: [Yes / No]
───────────────────────────────────────
RISK LEVEL: [🟢 LOW / 🟡 MEDIUM / 🟠 HIGH]
VERDICT: [✅ SAFE TO INSTALL / ⚠️ INSTALL WITH CAUTION / 🛑 HUMAN REVIEW RECOMMENDED]
NOTES: [1-3 short lines]
═══════════════════════════════════════

Keep the conclusion concise. Do not generate a long audit unless the user explicitly asks.

Decision Rules

✅ SAFE TO INSTALL

Use when:

  • no privilege escalation found
  • no suspicious unrelated sensitive access found
  • no hidden exfiltration found
  • behavior matches the skill's stated purpose

Typical examples:

  • weather skills
  • summarizers
  • search tools
  • GitHub helpers
  • browser helpers
  • document tools

⚠️ INSTALL WITH CAUTION

Use when:

  • the skill touches accounts, cookies, cloud resources, tokens, or publishing flows
  • but that access is clearly related to the skill's purpose
  • and there is no evidence of malicious or hidden behavior

Typical examples:

  • social publishing tools
  • cloud storage tools
  • document platform integrations
  • account-bound automation tools

🛑 HUMAN REVIEW RECOMMENDED

Use when:

  • there is real ambiguity about scope
  • or the skill reads sensitive material not clearly required
  • or the skill contains dynamic execution, suspicious remote behavior, or unclear hidden logic

Do not use this level just because a skill uses tokens, APIs, cron, screenshots, or service config for legitimate reasons.

What Actually Counts as High Risk

Treat these as strong warning signals:

  • sudo, privileged system modification, or elevated install requirements
  • eval, exec, bash -c, sh -c, subprocess execution with untrusted input
  • reading unrelated secrets or private files without business justification
  • hidden telemetry or undocumented outbound endpoints
  • obvious mismatch between claim and implementation
  • encoded/obfuscated payloads tied to execution or exfiltration

Practical Review Workflow

  1. Read SKILL.md
  2. Review helper scripts and config
  3. Identify whether sensitive/platform access is required for the stated purpose
  4. Look for actual high-risk behavior
  5. Return a short conclusion

If a repeatable scan helps, use:

python3 vet_scan.py <skill-dir>
python3 vet_scan.py <skill-dir> --format json

Review Philosophy

  • Business-required permissions are not automatic red flags.
  • A platform integration skill will naturally touch platform credentials.
  • A browser automation skill will naturally touch cookies/session state.
  • A cloud skill will naturally touch API keys and remote resources.
  • The question is not “does it have permissions?”
  • The question is: “does it use those permissions in a way that is expected, explicit, and limited to its purpose?”

Remember

Aim for good judgment, not paranoia theater.

If there is no concrete sign of malicious or over-scoped behavior, do not overcall risk.

Comments

Loading comments...