skill-vettr
Static analysis security scanner for third-party OpenClaw skills. Detects eval/spawn risks, malicious dependencies, typosquatting, and prompt injection patterns before installation. Use when vetting skills from ClawHub or untrusted sources.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/britrik/skill-vettr
skill-vettr v2.0.3
Security scanner for third-party OpenClaw skills. Analyses source code, dependencies, and metadata before installation using tree-sitter AST parsing and regex pattern matching.
Installation
npm install
This installs all Node.js dependencies, including tree-sitter .wasm grammar files required at runtime for AST-based analysis. The .wasm files are located in node_modules and must be present for the skill to function.
⚠️ Install safety:
npm install runs dependency lifecycle scripts, which can execute arbitrary code. For stronger isolation, run npm ci --ignore-scripts, but note that tree-sitter native/WASM artifacts may then not build, breaking AST analysis. Prefer installing inside a container or VM when possible.
External Binaries
The vet-url and vet-clawhub commands invoke external binaries via execSafe (which uses execFile — no shell is spawned). Only the following commands are permitted:
| Binary | Used By | Purpose |
|---|---|---|
| git | vet-url | Clone .git URLs (with hooks disabled) |
| curl | vet-url | Download archive URLs |
| tar | vet-url | Extract downloaded archives |
| clawhub | vet-clawhub | Fetch skills from ClawHub registry |
The /skill:vet command (local path vetting) requires only node and no external binaries.
Commands
/skill:vet --path <directory> — Vet a local skill directory
/skill:vet-url --url <https://...> — Download and vet from URL
/skill:vet-clawhub --skill <slug> — Fetch and vet from ClawHub
Detection Categories
| Category | Method | Examples |
|---|---|---|
| Code execution | AST | eval(), new Function(), vm.runInThisContext() |
| Shell injection | AST | exec(), execSync(), spawn("bash"), child_process imports |
| Dynamic require | AST | require(variable), require(templateString) |
| Prototype pollution | AST | __proto__ assignment |
| Prompt injection | Regex | Instruction override patterns, control tokens (in string literals) |
| Homoglyph attacks | Regex | Cyrillic/Greek lookalike characters in identifiers |
| Encoded names | Regex | Unicode/hex-escaped "eval", "exec" |
| Credential paths | Regex | Cloud and SSH credential directory references, system credential store access |
| Network calls | AST | fetch() with literal URLs (checked against allowlist) |
| Malicious deps | Config | Known bad packages, lifecycle scripts, git/http deps |
| Typosquatting | Levenshtein | Skill names within edit distance 2 of targets |
| Dangerous permissions | Config | shell:exec, credentials:read in SKILL.md |
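As an added illustration (not skill-vettr's own code), three of the table's heuristics written from scratch in JavaScript: the Levenshtein typosquat check with the edit-distance-2 threshold, detection of identifiers mixing Latin with Cyrillic/Greek lookalikes, and detection of "eval"/"exec" hidden behind \u / \x escapes. The known-skill list and sample sources are constructed for the demo.

```javascript
// Added illustration (not skill-vettr's own code) of three table heuristics:
// typosquatting via Levenshtein distance, homoglyph identifiers, and
// escape-encoded names. Target list and sample sources are constructed.

// Edit distance with insert, delete and substitute each costing 1.
function levenshtein(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Typosquatting: known names within edit distance 2, excluding an exact match.
function typosquatMatches(name, targets, maxDist = 2) {
  return targets.filter((t) => t !== name && levenshtein(name, t) <= maxDist);
}

// Homoglyphs: identifiers mixing Latin letters with Greek (U+0370-03FF)
// or Cyrillic (U+0400-04FF) code points, which render as lookalikes.
function homoglyphIdentifiers(source) {
  const ident = /[\p{L}_$][\p{L}\p{N}_$]*/gu;
  const confusable = /[\u0370-\u03FF\u0400-\u04FF]/u;
  const found = (source.match(ident) || []).filter(
    (id) => confusable.test(id) && /[A-Za-z]/.test(id),
  );
  return [...new Set(found)];
}

// Encoded names: a dangerous name that only appears after \uXXXX / \xXX
// escapes are decoded was written that way to evade plain-text matching.
function encodedDangerousNames(source) {
  const decoded = source.replace(/\\u([0-9a-fA-F]{4})|\\x([0-9a-fA-F]{2})/g,
    (_, u, x) => String.fromCharCode(parseInt(u || x, 16)));
  const count = (s, w) => s.split(w).length - 1;
  return ["eval", "exec", "Function"].filter((w) => count(decoded, w) > count(source, w));
}

// Constructed samples (not real skills or real findings).
const KNOWN_SKILLS = ["skill-vettr", "arc-shield", "securityvitals"];
const HOMOGLYPH_SAMPLE = "const \u0440\u0430th = require('fs');\nconst path = require('path');";
const ENCODED_SAMPLE = 'const f = globalThis["\\u0065val"]; f("1+1");';
```

The tree-sitter AST checks in the table (eval(), spawn("bash"), dynamic require) are not reproduced here; these three run on raw text, which is why the scanner pairs them with AST analysis.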
Limitations
⚠️ This is a heuristic scanner with inherent limitations.
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-britrik-skill-vettr": {
      "enabled": true,
      "auto_update": true
    }
  }
}