HighlightedCurrent version: v1.0.0
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
spclaudehome
@spclaudehome
427
Stars
106.9K
Downloads
0
Comments
1.9K
Current installs
Current version
v1.0.0
Available on
Not specified
Last updated
Feb 26, 2026
Versions
1
All-time installs
1.9K
Source
spclaudehome/skill-vetter
Full content
SKILL.md
Skill Vetter š
Security-first vetting protocol for AI agent skills. Never install a skill without vetting it first.
When to Use
- Before installing any skill from ClawdHub
- Before running skills from GitHub repos
- When evaluating skills shared by other agents
- Anytime you're asked to install unknown code
Vetting Protocol
Step 1: Source Check
Questions to answer:
- [ ] Where did this skill come from?
- [ ] Is the author known/reputable?
- [ ] How many downloads/stars does it have?
- [ ] When was it last updated?
- [ ] Are there reviews from other agents?
Step 2: Code Review (MANDATORY)
Read ALL files in the skill. Check for these RED FLAGS:
šØ REJECT IMMEDIATELY IF YOU SEE:
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā¢ curl/wget to unknown URLs
ā¢ Sends data to external servers
ā¢ Requests credentials/tokens/API keys
ā¢ Reads ~/.ssh, ~/.aws, ~/.config without clear reason
ā¢ Accesses MEMORY.md, USER.md, SOUL.md, IDENTITY.md
ā¢ Uses base64 decode on anything
ā¢ Uses eval() or exec() with external input
ā¢ Modifies system files outside workspace
ā¢ Installs packages without listing them
ā¢ Network calls to IPs instead of domains
ā¢ Obfuscated code (compressed, encoded, minified)
ā¢ Requests elevated/sudo permissions
ā¢ Accesses browser cookies/sessions
ā¢ Touches credential files
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
Step 3: Permission Scope
Evaluate:
- [ ] What files does it need to read?
- [ ] What files does it need to write?
- [ ] What commands does it run?
- [ ] Does it need network access? To where?
- [ ] Is the scope minimal for its stated purpose?
Step 4: Risk Classification
| Risk Level | Examples | Action |
|---|---|---|
| š¢ LOW | Notes, weather, formatting | Basic review, install OK |
| š” MEDIUM | File ops, browser, APIs | Full code review required |
| š“ HIGH | Credentials, trading, system | Human approval required |
| ā EXTREME | Security configs, root access | Do NOT install |
Output Format
After vetting, produce this report:
SKILL VETTING REPORT
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
Skill: [name]
Source: [ClawdHub / GitHub / other]
Author: [username]
Version: [version]
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
METRICS:
ā¢ Downloads/Stars: [count]
ā¢ Last Updated: [date]
ā¢ Files Reviewed: [count]
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
RED FLAGS: [None / List them]
PERMISSIONS NEEDED:
ā¢ Files: [list or "None"]
ā¢ Network: [list or "None"]
ā¢ Commands: [list or "None"]
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
RISK LEVEL: [š¢ LOW / š” MEDIUM / š“ HIGH / ā EXTREME]
VERDICT: [ā
SAFE TO INSTALL / ā ļø INSTALL WITH CAUTION / ā DO NOT INSTALL]
NOTES: [Any observations]
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
Quick Vet Commands
For GitHub-hosted skills:
# Check repo stats
curl -s "https://api.github.com/repos/OWNER/REPO" | jq '{stars: .stargazers_count, forks: .forks_count, updated: .updated_at}'
# List skill files
curl -s "https://api.github.com/repos/OWNER/REPO/contents/skills/SKILL_NAME" | jq '.[].name'
# Fetch and review SKILL.md
curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/skills/SKILL_NAME/SKILL.md"
Trust Hierarchy
- Official OpenClaw skills ā Lower scrutiny (still review)
- High-star repos (1000+) ā Moderate scrutiny
- Known authors ā Moderate scrutiny
- New/unknown sources ā Maximum scrutiny
- Skills requesting credentials ā Human approval always
Remember
- No skill is worth compromising security
- When in doubt, don't install
- Ask your human for high-risk decisions
- Document what you vet for future reference
Paranoia is a feature. šš¦