skill-vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/aysun168/skill-vetter-bakWhat This Skill Does
The skill-vetter acts as your personal security auditor within the OpenClaw environment. Its primary function is to intercept, analyze, and grade third-party AI skills before they are granted execution privileges. In an ecosystem where AI agents can execute code or interact with your file system, skill-vetter serves as a critical firewall that systematically checks for malicious patterns, excessive permission requests, and suspicious obfuscation techniques.
Installation
To install skill-vetter, execute the following command in your terminal:
clawhub install openclaw/skills/skills/aysun168/skill-vetter-bak
Ensure that you are running the most recent version to stay protected against the latest known attack vectors and obfuscation methods.
Use Cases
- Pre-Installation Auditing: Run this before installing any new capability from ClawdHub or GitHub.
- Dependency Management: Use it to inspect sub-dependencies or bundled skills within a larger repository.
- Agent Security Hardening: Integrate this into your agent's configuration to automatically reject any skill that does not pass a 'LOW' risk classification.
- Policy Enforcement: Use the vetting report as a documentation record for corporate or personal compliance.
Example Prompts
- "Vetter, I'm thinking of installing the 'auto-trader-pro' skill from GitHub. Please perform a deep code analysis and check for any red flags or hidden network calls."
- "Review the skill located at /tmp/downloads/my-new-tool and generate a full risk classification report for me."
- "Can you check if this plugin requires access to my identity files or SSH keys? I want to make sure it's safe to run."
Tips & Limitations
- Always use caution: Even if
skill-vetterreports 'Low Risk', verify the author's identity and the repository's reputation. - Heuristic-based: The tool identifies patterns and red flags but cannot guarantee 100% protection against zero-day exploits.
- Human-in-the-loop: Always treat any skill tagged as 'HIGH' or 'EXTREME' as a manual-review-only asset. Do not bypass human approval requirements for system-level changes.
- Update Frequently: The blacklist of suspicious patterns is updated regularly; always pull the latest version of the vetter to ensure you are catching current malicious obfuscation styles.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-aysun168-skill-vetter-bak": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-read
Related Skills
web-access
所有联网操作必须通过此 skill 处理,包括:搜索、网页抓取、登录后操作、网络交互等。 触发场景:用户要求搜索信息、查看网页内容、访问需要登录的网站、操作网页界面、抓取社交媒体内容(小红书、微博、推特等)、读取动态渲染页面、以及任何需要真实浏览器环境的网络任务。
tavily-search
Use Tavily API for real-time web search and content extraction. Use when: user needs real-time web search results, research, or current information from the web. Requires Tavily API key.
baidu-search
Search the web using Baidu AI Search Engine (BDSE). Use for live information, documentation, or research topics.
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when (1) a command, tool, API, or operation fails; (2) the user corrects you or rejects your work; (3) you realize your knowledge is outdated or incorrect; (4) you discover a better approach; (5) the user explicitly installs or references the skill for the current task.