Skill-Vetter-ZH 中文
PassAudited by ClawScan on May 2, 2026.
Overview
This is an instruction-only security checklist for reviewing other skills, with no code or credential handling, though it asks the agent to fetch and read untrusted skill files during review.
This skill appears safe to install as an instruction-only review checklist. When using it, keep candidate-skill downloads in temporary locations, do not run unreviewed code, and make sure any text inside the skill being reviewed is treated as untrusted evidence rather than instructions.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious skill being reviewed could contain prompt-injection text that tries to redirect the agent away from the review task.
The skill directs the agent to inspect untrusted skill files, including SKILL.md files that may contain agent-facing instructions. This is necessary for vetting, but those contents should be handled as data rather than obeyed.
“阅读技能中的所有文件” ... “获取并审查 SKILL.md”
When using this skill, explicitly treat candidate skill contents as untrusted evidence and ignore any instructions found inside the skill under review.
If pointed at the wrong repository or package, the agent may download and inspect unintended untrusted content.
The documented workflow uses network requests and local shell commands to fetch metadata and inspect candidate skills. These actions are disclosed and purpose-aligned, but they should remain scoped to the intended repository or temporary directory.
“curl -s \"https://api.github.com/repos/OWNER/REPO\"” ... “clawhub install skill-name --dir /tmp/skill-vet” ... “find . -type f -exec cat {} \;”Use the commands only for the specific skill being reviewed, keep downloads in a temporary directory, and do not execute reviewed files unless separately approved.