Skill Vetter Guide

v1.1.0

Guide for vetting third-party OpenClaw skills before installation using the Skill Vetter security protocol. Use when installing any third-party skill, auditi...

⭐ 0· 123·0 current·0 all-time

by@vibesparkingai

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for vibesparkingai/skill-vetter-guide.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Skill Vetter Guide" (vibesparkingai/skill-vetter-guide) from ClawHub.
Skill page: https://clawhub.ai/vibesparkingai/skill-vetter-guide
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install skill-vetter-guide

ClawHub CLI

Package manager switcher

npx clawhub@latest install skill-vetter-guide

Security Scan

VirusTotal

Pending

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The name/description (a guide to vet third-party skills) match the actual content: an instruction-only skill with no required binaries, env vars, or installs. All declared requirements (none) are proportionate to the stated purpose.

ℹ

Instruction Scope

The SKILL.md correctly instructs reviewers to fetch and review every file in candidate skills and to write standardized reports. That scope is appropriate for a vetting tool, but the guide also recommends writing to local memory/audit files, editing AGENTS.md, and creating cron jobs to run periodic scans. Those are reasonable for enforcement, but they grant the vetting process broad read/write access to agent config and skills directories — ensure human oversight and read-only scanning where appropriate.

✓

Install Mechanism

No install spec or code files are present; this is instruction-only, which minimizes installation risk. The SKILL.md references a canonical source (ClawHub/GitHub), but the registry entry's source is 'unknown' — verify the actual repository before fetching anything.

✓

Credentials

The skill requests no environment variables, credentials, or special config paths. The red-flag checklist within the guide intentionally mentions sensitive locations (e.g., ~/.ssh, ~/.aws) as things to look for in other skills — it does not request access to them itself.

ℹ

Persistence & Privilege

Although the skill is not set to always:true and does not autonomously require credentials, it explicitly recommends persistent enforcement steps (adding a rule to AGENTS.md; setting up a cron job every 4 hours). These changes would create persistent, system-level behavior that should be applied only with explicit human approval and careful review of the automation scripts.

Assessment

This guide is coherent and useful for its stated purpose, but take these precautions before using it: (1) verify the actual source repo before fetching or copying files (the registry entry lists 'unknown'); (2) when running audits, prefer read-only scans and keep a human-in-the-loop for any HIGH/EXTREME findings; (3) do not let automated prompts or an agent write AGENTS.md or install cron jobs without manual review — those are persistent changes that affect all agents; (4) when following the guide to vet a skill, pay extra attention to any skill that reads ~/.ssh, ~/.aws, openclaw config files, or performs outgoing network requests; (5) keep an audit trail of who authorized adding enforcement rules or scheduled tasks so changes can be reverted if needed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fbcjabfgzr6acvtf0wtkn698499b7

123downloads

0stars

2versions

Updated 3w ago

v1.1.0

MIT-0

Skill Vetter Guide

Security-first protocol for vetting third-party OpenClaw skills before installation.

Core rule: Never install a skill without vetting it first.

Install Skill Vetter

Install to the user-global skills directory so all agents can use it:

~/.agents/skills/skill-vetter/

Source: useai-pro/openclaw-skills-security@skill-vetter on ClawHub, or the equivalent GitHub repo.

After installation, verify:

Confirm ~/.agents/skills/skill-vetter/SKILL.md exists and is complete
Check the skill appears in the agent's available skills list

Vetting SOP

When asked to install any third-party skill, follow this flow:

Discover skill → Fetch source → Review ALL files → Risk grade → Decide → Install & document

1. Check Source Metadata

Origin (ClawHub / GitHub / personal share)
Author, last update, stars/downloads, community feedback
Clear purpose statement

2. Full Code Review (Mandatory)

Review every file in the skill, not just SKILL.md. Check for these red flags:

Red Flag	Why It Matters
`curl`/`wget` to unknown URLs	Data exfiltration
Sending data to external servers	Privacy leak
Requesting tokens/API keys/credentials	Credential theft
Reading `~/.ssh`, `~/.aws`, `~/.config`	Sensitive directory access
Reading `MEMORY.md`, `USER.md`, `SOUL.md`, `IDENTITY.md`, `TOOLS.md`, `openclaw.config.json`	OpenClaw private file access
`base64` decode of opaque content	Obfuscation
`eval()`/`exec()` with external input	Code injection
Modifying files outside workspace	System tampering
Installing undeclared dependencies	Supply chain risk
IP address connections (not domains)	Evasion of DNS-based controls
Minified/obfuscated code blocks	Hidden behavior
`sudo`/elevated permissions	Privilege escalation
Accessing browser cookies/sessions	Session hijacking

3. Assess Permissions Scope

Determine what the skill reads, writes, executes, and whether it needs network access. Verify permissions are minimal and match stated functionality.

4. Assign Risk Level

Level	Meaning	Action
🟢 LOW	Local text/formatting/weather	Install after review
🟡 MEDIUM	File ops, browser, third-party APIs	Install with caution
🔴 HIGH	Credentials, system config, auto-send	Human approval required
⛔ EXTREME	Root, security policy changes, broad sensitive reads	Do not install

5. Output Vetting Report

Use the standard report format. See references/report-template.md.

6. Document Installation

After installing, record: date, skill name, source, risk level, review summary, install path. Write to memory/YYYY-MM-DD.md or a dedicated security-audits/ directory.

Periodic Audit

Audit all installed third-party skills under ~/.agents/skills/ periodically:

Quick scan every 4 hours (automated via cron)
Full re-review weekly or monthly (human-assisted)

For each skill, check for new suspicious files, changed code, or newly introduced red flags. Output status per skill: ✅ Normal / ⚠️ Needs attention / ❌ Problematic.

Write results to timestamped files: security-audits/skills-audit-YYYY-MM-DD_HHMM.md. See references/audit-template.md for the audit file format.

AGENTS.md Enforcement

Add this rule to AGENTS.md to make vetting mandatory for all agents:

## Skill Security Rule

All third-party skills must be vetted with Skill Vetter before installation. No exceptions.

- Review ALL files, not just SKILL.md
- Check for: outbound network calls, sensitive file access, obfuscated code, eval/exec, credential requests, elevated permissions
- Output a standardized vetting report
- HIGH / EXTREME risk requires human approval
- Skills that fail vetting must not be installed

Prompt Templates

Ready-to-use prompts for common operations. See references/prompt-templates.md.

Multi-Instance Environments

When managing multiple OpenClaw instances:

Vet skills independently per machine
Record installed versions per host
Do not assume "safe on A = safe on B"
Leave audit trails when syncing or upgrading skills across hosts

Comments

Loading comments...