ClawHub

Skill Vetter Guide

v1.1.0

Guide for vetting third-party OpenClaw skills before installation using the Skill Vetter security protocol. Use when installing any third-party skill, auditi...

0· 70·0 current·0 all-time
by@vibesparkingai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (a guide to vet third-party skills) match the actual content: an instruction-only skill with no required binaries, env vars, or installs. All declared requirements (none) are proportionate to the stated purpose.
Instruction Scope
The SKILL.md correctly instructs reviewers to fetch and review every file in candidate skills and to write standardized reports. That scope is appropriate for a vetting tool, but the guide also recommends writing to local memory/audit files, editing AGENTS.md, and creating cron jobs to run periodic scans. Those are reasonable for enforcement, but they grant the vetting process broad read/write access to agent config and skills directories — ensure human oversight and read-only scanning where appropriate.
Install Mechanism
No install spec or code files are present; this is instruction-only, which minimizes installation risk. The SKILL.md references a canonical source (ClawHub/GitHub), but the registry entry's source is 'unknown' — verify the actual repository before fetching anything.
Credentials
The skill requests no environment variables, credentials, or special config paths. The red-flag checklist within the guide intentionally mentions sensitive locations (e.g., ~/.ssh, ~/.aws) as things to look for in other skills — it does not request access to them itself.
Persistence & Privilege
Although the skill is not set to always:true and does not autonomously require credentials, it explicitly recommends persistent enforcement steps (adding a rule to AGENTS.md; setting up a cron job every 4 hours). These changes would create persistent, system-level behavior that should be applied only with explicit human approval and careful review of the automation scripts.
Assessment
This guide is coherent and useful for its stated purpose, but take these precautions before using it: (1) verify the actual source repo before fetching or copying files (the registry entry lists 'unknown'); (2) when running audits, prefer read-only scans and keep a human-in-the-loop for any HIGH/EXTREME findings; (3) do not let automated prompts or an agent write AGENTS.md or install cron jobs without manual review — those are persistent changes that affect all agents; (4) when following the guide to vet a skill, pay extra attention to any skill that reads ~/.ssh, ~/.aws, openclaw config files, or performs outgoing network requests; (5) keep an audit trail of who authorized adding enforcement rules or scheduled tasks so changes can be reverted if needed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fbcjabfgzr6acvtf0wtkn698499b7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments