Skills/ #security/ #GitHub/ #Permission

Skill Vetter

Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.

spclaudehome@spclaudehome

Install

Run this command against the local KakaHub registry.

$ openclaw install skill-vetter --registry http://localhost:13001Download

README

--- name: skill-vetter version: 1.0.0 description: Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns. ---

Skill Vetter πŸ”’

Security-first vetting protocol for AI agent skills. **Never install a skill without vetting it first.**

When to Use

  • Before installing any skill from ClawdHub
  • Before running skills from GitHub repos
  • When evaluating skills shared by other agents
  • Anytime you're asked to install unknown code

Vetting Protocol

Step 1: Source Check

Questions to answer:

  • [ ] Where did this skill come from?
  • [ ] Is the author known/reputable?
  • [ ] How many downloads/stars does it have?
  • [ ] When was it last updated?
  • [ ] Are there reviews from other agents?

Step 2: Code Review (MANDATORY)

Read ALL files in the skill. Check for these **RED FLAGS**:

🚨 REJECT IMMEDIATELY IF YOU SEE: ───────────────────────────────────────── β€’ curl/wget to unknown URLs β€’ Sends data to external servers β€’ Requests credentials/tokens/API keys β€’ Reads ~/.ssh, ~/.aws, ~/.config without clear reason β€’ Accesses MEMORY.md, USER.md, SOUL.md, IDENTITY.md β€’ Uses base64 decode on anything β€’ Uses eval() or exec() with external input β€’ Modifies system files outside workspace β€’ Installs packages without listing them β€’ Network calls to IPs instead of domains β€’ Obfuscated code (compressed, encoded, minified) β€’ Requests elevated/sudo permissions β€’ Accesses browser cookies/sessions β€’ Touches credential files ─────────────────────────────────────────

Step 3: Permission Scope

Evaluate:

  • [ ] What files does it need to read?
  • [ ] What files does it need to write?
  • [ ] What commands does it run?
  • [ ] Does it need network access? To where?
  • [ ] Is the scope minimal for its stated purpose?

Step 4: Risk Classification

| Risk Level | Examples | Action | |------------|----------|--------| | 🟒 LOW | Notes, weather, formatting | Basic review, install OK | | 🟑 MEDIUM | File ops, browser, APIs | Full code review required | | πŸ”΄ HIGH | Credentials, trading, system | Human approval required | | β›” EXTREME | Security configs, root access | Do NOT install |

Output Format

After vetting, produce this report:

SKILL VETTING REPORT ═══════════════════════════════════════ Skill: [name] Source: [ClawdHub / GitHub / other] Author: [username] Version: [version] ─────────────────────────────────────── METRICS: β€’ Downloads/Stars: [count] β€’ Last Updated: [date] β€’ Files Reviewed: [count] ─────────────────────────────────────── RED FLAGS: [None / List them]

PERMISSIONS NEEDED: β€’ Files: [list or "None"] β€’ Network: [list or "None"] β€’ Commands: [list or "None"] ─────────────────────────────────────── RISK LEVEL: [🟒 LOW / 🟑 MEDIUM / πŸ”΄ HIGH / β›” EXTREME]

VERDICT: [βœ… SAFE TO INSTALL / ⚠️ INSTALL WITH CAUTION / ❌ DO NOT INSTALL]

NOTES: [Any observations] ═══════════════════════════════════════

Quick Vet Commands

For GitHub-hosted skills:

bash# Check repo stats
curl -s "https://api.github.com/repos/OWNER/REPO" | jq '{stars: .stargazers_count, forks: .forks_count, updated: .updated_at}'

# List skill files
curl -s "https://api.github.com/repos/OWNER/REPO/contents/skills/SKILL_NAME" | jq '.[].name'

# Fetch and review SKILL.md
curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/skills/SKILL_NAME/SKILL.md"

Trust Hierarchy

1. **Official OpenClaw skills** β†’ Lower scrutiny (still review) 2. **High-star repos (1000+)** β†’ Moderate scrutiny 3. **Known authors** β†’ Moderate scrutiny 4. **New/unknown sources** β†’ Maximum scrutiny 5. **Skills requesting credentials** β†’ Human approval always

Remember

  • No skill is worth compromising security
  • When in doubt, don't install
  • Ask your human for high-risk decisions
  • Document what you vet for future reference

---

*Paranoia is a feature.* πŸ”’πŸ¦€

Install resolver

{
  "artifact": {
    "downloadUrl": "/api/v1/download?slug=skill-vetter&version=1.0.0&ownerHandle=spclaudehome",
    "format": "zip",
    "generated": true,
    "kind": "skillArchive",
    "sha256": "e31c40b1bf189feefc60cbcf54eba52665b28c1c57686ff659b9f8ad4284cc77",
    "size": 5974
  },
  "owner": {
    "displayName": "spclaudehome",
    "handle": "spclaudehome",
    "id": "61a4c97f-38ac-4e37-8cb2-9b86128e590e",
    "verified": false
  },
  "skill": {
    "displayName": "Skill Vetter",
    "latestVersion": "1.0.0",
    "license": "unknown",
    "name": "skill-vetter",
    "ownerHandle": "spclaudehome",
    "slug": "skill-vetter",
    "stats": {
      "downloads": 261814,
      "installs": 12014,
      "stars": 1251
    },
    "summary": "Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.",
    "tags": [
      "security",
      "GitHub",
      "Permission"
    ],
    "type": "skill",
    "updatedAt": "2026-07-06T10:48:12.474Z"
  },
  "sourceHandoff": null,
  "version": {
    "checksum": null,
    "checksumAlgorithm": null,
    "id": "313c831f-94b6-4738-97cc-4764d33d1e32",
    "publishedAt": "2026-01-31T12:43:49.632Z",
    "size": null,
    "version": "1.0.0",
    "artifactStorageKey": null,
    "changelog": "Initial release - Security-first skill vetting for AI agents",
    "manifest": {
      "clawhub": {
        "tags": {
          "latest": "1.0.0"
        },
        "owner": "spclaudehome",
        "stats": {
          "stars": 1251,
          "comments": 0,
          "installs": 12014,
          "versions": 1,
          "downloads": 261814
        },
        "topics": [
          "GitHub",
          "Permission"
        ],
        "categories": [
          "security"
        ]
      },
      "install": "openclaw skills install @spclaudehome/skill-vetter"
    },
    "readme": "---\nname: skill-vetter\nversion: 1.0.0\ndescription: Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.\n---\n\n# Skill Vetter πŸ”’\n\nSecurity-first vetting protocol for AI agent skills. **Never install a skill without vetting it first.**\n\n## When to Use\n\n- Before installing any skill from ClawdHub\n- Before running skills from GitHub repos\n- When evaluating skills shared by other agents\n- Anytime you're asked to install unknown code\n\n## Vetting Protocol\n\n### Step 1: Source Check\n\n```\nQuestions to answer:\n- [ ] Where did this skill come from?\n- [ ] Is the author known/reputable?\n- [ ] How many downloads/stars does it have?\n- [ ] When was it last updated?\n- [ ] Are there reviews from other agents?\n```\n\n### Step 2: Code Review (MANDATORY)\n\nRead ALL files in the skill. Check for these **RED FLAGS**:\n\n```\n🚨 REJECT IMMEDIATELY IF YOU SEE:\n─────────────────────────────────────────\nβ€’ curl/wget to unknown URLs\nβ€’ Sends data to external servers\nβ€’ Requests credentials/tokens/API keys\nβ€’ Reads ~/.ssh, ~/.aws, ~/.config without clear reason\nβ€’ Accesses MEMORY.md, USER.md, SOUL.md, IDENTITY.md\nβ€’ Uses base64 decode on anything\nβ€’ Uses eval() or exec() with external input\nβ€’ Modifies system files outside workspace\nβ€’ Installs packages without listing them\nβ€’ Network calls to IPs instead of domains\nβ€’ Obfuscated code (compressed, encoded, minified)\nβ€’ Requests elevated/sudo permissions\nβ€’ Accesses browser cookies/sessions\nβ€’ Touches credential files\n─────────────────────────────────────────\n```\n\n### Step 3: Permission Scope\n\n```\nEvaluate:\n- [ ] What files does it need to read?\n- [ ] What files does it need to write?\n- [ ] What commands does it run?\n- [ ] Does it need network access? To where?\n- [ ] Is the scope minimal for its stated purpose?\n```\n\n### Step 4: Risk Classification\n\n| Risk Level | Examples | Action |\n|------------|----------|--------|\n| 🟒 LOW | Notes, weather, formatting | Basic review, install OK |\n| 🟑 MEDIUM | File ops, browser, APIs | Full code review required |\n| πŸ”΄ HIGH | Credentials, trading, system | Human approval required |\n| β›” EXTREME | Security configs, root access | Do NOT install |\n\n## Output Format\n\nAfter vetting, produce this report:\n\n```\nSKILL VETTING REPORT\n═══════════════════════════════════════\nSkill: [name]\nSource: [ClawdHub / GitHub / other]\nAuthor: [username]\nVersion: [version]\n───────────────────────────────────────\nMETRICS:\nβ€’ Downloads/Stars: [count]\nβ€’ Last Updated: [date]\nβ€’ Files Reviewed: [count]\n───────────────────────────────────────\nRED FLAGS: [None / List them]\n\nPERMISSIONS NEEDED:\nβ€’ Files: [list or \"None\"]\nβ€’ Network: [list or \"None\"]  \nβ€’ Commands: [list or \"None\"]\n───────────────────────────────────────\nRISK LEVEL: [🟒 LOW / 🟑 MEDIUM / πŸ”΄ HIGH / β›” EXTREME]\n\nVERDICT: [βœ… SAFE TO INSTALL / ⚠️ INSTALL WITH CAUTION / ❌ DO NOT INSTALL]\n\nNOTES: [Any observations]\n═══════════════════════════════════════\n```\n\n## Quick Vet Commands\n\nFor GitHub-hosted skills:\n```bash\n# Check repo stats\ncurl -s \"https://api.github.com/repos/OWNER/REPO\" | jq '{stars: .stargazers_count, forks: .forks_count, updated: .updated_at}'\n\n# List skill files\ncurl -s \"https://api.github.com/repos/OWNER/REPO/contents/skills/SKILL_NAME\" | jq '.[].name'\n\n# Fetch and review SKILL.md\ncurl -s \"https://raw.githubusercontent.com/OWNER/REPO/main/skills/SKILL_NAME/SKILL.md\"\n```\n\n## Trust Hierarchy\n\n1. **Official OpenClaw skills** β†’ Lower scrutiny (still review)\n2. **High-star repos (1000+)** β†’ Moderate scrutiny\n3. **Known authors** β†’ Moderate scrutiny\n4. **New/unknown sources** β†’ Maximum scrutiny\n5. **Skills requesting credentials** β†’ Human approval always\n\n## Remember\n\n- No skill is worth compromising security\n- When in doubt, don't install\n- Ask your human for high-risk decisions\n- Document what you vet for future reference\n\n---\n\n*Paranoia is a feature.* πŸ”’πŸ¦€\n"
  }
}

Versions

VersionSizeUpdated1.0.0Not availableJan 31, 2026