skill-vetter
v1.1.0Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
⭐ 2· 2.2k·7 current·7 all-time
by@stavc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name and description match the instructions: it's a vetting checklist for other skills. It sensibly suggests inspecting files, permissions, network calls, and credentials. Minor inconsistencies: the SKILL.md header uses the name 'vetter-StaJector' and version 1.0.0 whereas registry metadata lists version 1.1.0 and a different ownerId — these are likely bookkeeping mismatches but should be confirmed by the publisher. The SKILL.md expects use of network tools (curl, jq) in its quick commands, but the registry lists no required binaries; this is a small mismatch (the commands will fail if those tools aren't present).
Instruction Scope
All instructions stay within the vetting use-case: they tell the agent to read files in the skill being evaluated, check for a clear set of red flags, and optionally query GitHub for repo metadata. The skill does not instruct the agent to read user home files or exfiltrate data; it explicitly flags access to ~/.ssh, ~/.aws, cookies, etc. as REJECT conditions. The quick-vet commands will make network calls (GitHub/raw.githubusercontent) — expected for reviewing GitHub-hosted skills.
Install Mechanism
Instruction-only skill with no install spec and no code files, which minimizes surface area. There is no downloading or extraction of third-party archives. The only runtime risk is the agent executing the suggested curl/jq commands to fetch remote content during a vet — which is consistent with the vetter's purpose.
Credentials
The skill requests no environment variables, credentials, or config paths. It instructs reviewers to look for credentials requested by other skills (appropriate for a vetter) but does not itself ask for secrets. This is proportionate.
Persistence & Privilege
always:false and normal model invocation settings. The skill is user-invocable and may be called autonomously by the agent (default) — reasonable for a vetting tool. It does not request persistent system changes or special privileges.
Assessment
This is a lightweight, instruction-only vetting checklist and appears coherent for that purpose. Before using it: (1) confirm the publisher metadata (ownerId, version, and the SKILL.md header name mismatch) if you care about provenance; (2) ensure curl and jq are available if you plan to run the quick-vet commands, and be cautious when executing network fetches — fetching a SKILL.md from a remote repo is fine for review, but avoid blindly executing any downloaded scripts; (3) continue to follow the vetter's red flags (especially anything that touches ~/.ssh, ~/.aws, credential files, or that sends data to unknown endpoints). If you want higher assurance, run the vetting steps manually on an isolated machine or sandbox before relying on automated checks.Like a lobster shell, security has layers — review code before you run it.
latestvk975pc1xfn42hgz5b5y1wc90gx83v7dv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.