Vibelevel Analyzer
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to fetch public GitHub vibe data from vibelevel.xyz for a user-supplied username, with no credential use, persistence, or account-changing behavior shown.
This looks safe for its stated purpose. Before installing, be aware that it runs a local curl-based script and sends the GitHub username you ask about to vibelevel.xyz; no evidence shows hidden data access, persistence, or destructive behavior.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A queried GitHub username is sent to vibelevel.xyz to retrieve the score data.
The script sends the requested GitHub username to an external API, which is expected for the stated vibe-checking purpose and is limited by username validation.
curl -sf --max-time 30 ... "https://vibelevel.xyz/api/vibe/${USERNAME}"Use it when you are comfortable having the requested GitHub username checked through vibelevel.xyz.
Users have limited provenance information beyond the supplied artifacts and homepage.
The registry does not identify a source repository or package provenance, although the included script is present and no remote install step is shown.
Source: unknown
Review the included script and confirm the homepage/service is one you trust before installing.