ClawHub

skill-vetter

v1.1.0

Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...

2· 2.8k·10 current·10 all-time
byStav Cohen@stavc

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for stavc/vetter.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "skill-vetter" (stavc/vetter) from ClawHub.
Skill page: https://clawhub.ai/stavc/vetter
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install vetter

ClawHub CLI

Package manager switcher

npx clawhub@latest install vetter
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name and description match the instructions: it's a vetting checklist for other skills. It sensibly suggests inspecting files, permissions, network calls, and credentials. Minor inconsistencies: the SKILL.md header uses the name 'vetter-StaJector' and version 1.0.0 whereas registry metadata lists version 1.1.0 and a different ownerId — these are likely bookkeeping mismatches but should be confirmed by the publisher. The SKILL.md expects use of network tools (curl, jq) in its quick commands, but the registry lists no required binaries; this is a small mismatch (the commands will fail if those tools aren't present).
Instruction Scope
All instructions stay within the vetting use-case: they tell the agent to read files in the skill being evaluated, check for a clear set of red flags, and optionally query GitHub for repo metadata. The skill does not instruct the agent to read user home files or exfiltrate data; it explicitly flags access to ~/.ssh, ~/.aws, cookies, etc. as REJECT conditions. The quick-vet commands will make network calls (GitHub/raw.githubusercontent) — expected for reviewing GitHub-hosted skills.
Install Mechanism
Instruction-only skill with no install spec and no code files, which minimizes surface area. There is no downloading or extraction of third-party archives. The only runtime risk is the agent executing the suggested curl/jq commands to fetch remote content during a vet — which is consistent with the vetter's purpose.
Credentials
The skill requests no environment variables, credentials, or config paths. It instructs reviewers to look for credentials requested by other skills (appropriate for a vetter) but does not itself ask for secrets. This is proportionate.
Persistence & Privilege
always:false and normal model invocation settings. The skill is user-invocable and may be called autonomously by the agent (default) — reasonable for a vetting tool. It does not request persistent system changes or special privileges.
Assessment
This is a lightweight, instruction-only vetting checklist and appears coherent for that purpose. Before using it: (1) confirm the publisher metadata (ownerId, version, and the SKILL.md header name mismatch) if you care about provenance; (2) ensure curl and jq are available if you plan to run the quick-vet commands, and be cautious when executing network fetches — fetching a SKILL.md from a remote repo is fine for review, but avoid blindly executing any downloaded scripts; (3) continue to follow the vetter's red flags (especially anything that touches ~/.ssh, ~/.aws, credential files, or that sends data to unknown endpoints). If you want higher assurance, run the vetting steps manually on an isolated machine or sandbox before relying on automated checks.

Like a lobster shell, security has layers — review code before you run it.

latestvk975pc1xfn42hgz5b5y1wc90gx83v7dv
2.8kdownloads
2stars
1versions
Updated 4w ago
v1.1.0
MIT-0
Stav Cohen@stavc
latest
Download

Skill Vetter 🔒

Security-first vetting protocol for AI agent skills. Never install a skill without vetting it first.

When to Use

  • Before installing any skill from ClawdHub
  • Before running skills from GitHub repos
  • When evaluating skills shared by other agents
  • Anytime you're asked to install unknown code

Vetting Protocol

Step 1: Source Check

Questions to answer:
- [ ] Where did this skill come from?
- [ ] Is the author known/reputable?
- [ ] How many downloads/stars does it have?
- [ ] When was it last updated?
- [ ] Are there reviews from other agents?

Step 2: Code Review (MANDATORY)

Read ALL files in the skill. Check for these RED FLAGS:

🚨 REJECT IMMEDIATELY IF YOU SEE:
─────────────────────────────────────────
• curl/wget to unknown URLs
• Sends data to external servers
• Requests credentials/tokens/API keys
• Reads ~/.ssh, ~/.aws, ~/.config without clear reason
• Accesses MEMORY.md, USER.md, SOUL.md, IDENTITY.md
• Uses base64 decode on anything
• Uses eval() or exec() with external input
• Modifies system files outside workspace
• Installs packages without listing them
• Network calls to IPs instead of domains
• Obfuscated code (compressed, encoded, minified)
• Requests elevated/sudo permissions
• Accesses browser cookies/sessions
• Touches credential files
─────────────────────────────────────────

Step 3: Permission Scope

Evaluate:
- [ ] What files does it need to read?
- [ ] What files does it need to write?
- [ ] What commands does it run?
- [ ] Does it need network access? To where?
- [ ] Is the scope minimal for its stated purpose?

Step 4: Risk Classification

Risk LevelExamplesAction
🟢 LOWNotes, weather, formattingBasic review, install OK
🟡 MEDIUMFile ops, browser, APIsFull code review required
🔴 HIGHCredentials, trading, systemHuman approval required
⛔ EXTREMESecurity configs, root accessDo NOT install

Output Format

After vetting, produce this report:

SKILL VETTING REPORT
═══════════════════════════════════════
Skill: [name]
Source: [ClawdHub / GitHub / other]
Author: [username]
Version: [version]
───────────────────────────────────────
METRICS:
• Downloads/Stars: [count]
• Last Updated: [date]
• Files Reviewed: [count]
───────────────────────────────────────
RED FLAGS: [None / List them]

PERMISSIONS NEEDED:
• Files: [list or "None"]
• Network: [list or "None"]  
• Commands: [list or "None"]
───────────────────────────────────────
RISK LEVEL: [🟢 LOW / 🟡 MEDIUM / 🔴 HIGH / ⛔ EXTREME]

VERDICT: [✅ SAFE TO INSTALL / ⚠️ INSTALL WITH CAUTION / ❌ DO NOT INSTALL]

NOTES: [Any observations]
═══════════════════════════════════════

Quick Vet Commands

For GitHub-hosted skills:

# Check repo stats
curl -s "https://api.github.com/repos/OWNER/REPO" | jq '{stars: .stargazers_count, forks: .forks_count, updated: .updated_at}'

# List skill files
curl -s "https://api.github.com/repos/OWNER/REPO/contents/skills/SKILL_NAME" | jq '.[].name'

# Fetch and review SKILL.md
curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/skills/SKILL_NAME/SKILL.md"

Trust Hierarchy

  1. Official OpenClaw skills → Lower scrutiny (still review)
  2. High-star repos (1000+) → Moderate scrutiny
  3. Known authors → Moderate scrutiny
  4. New/unknown sources → Maximum scrutiny
  5. Skills requesting credentials → Human approval always

Remember

  • No skill is worth compromising security
  • When in doubt, don't install
  • Ask your human for high-risk decisions
  • Document what you vet for future reference

Paranoia is a feature. 🔒🦀

Comments

Loading comments...