skill-vettr
Static analysis security scanner for third-party OpenClaw skills. Detects eval/spawn risks, malicious dependencies, typosquatting, and prompt injection patterns before installation. Use when vetting skills from ClawHub or untrusted sources.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/britrik/skill-vettrskill-vettr v2.0.3
Security scanner for third-party OpenClaw skills. Analyses source code, dependencies, and metadata before installation using tree-sitter AST parsing and regex pattern matching.
Installation
npm install
This installs all Node.js dependencies, including tree-sitter .wasm grammar files required at runtime for AST-based analysis. The .wasm files are located in node_modules and must be present for the skill to function.
⚠️ Install safety:
npm installruns dependency lifecycle scripts, which can execute arbitrary code. For stronger isolation, runnpm ci --ignore-scripts— but note that tree-sitter native/WASM artifacts may not build, breaking AST analysis. Prefer installing inside a container or VM when possible.
External Binaries
The vet-url and vet-clawhub commands invoke external binaries via execSafe (which uses execFile — no shell is spawned). Only the following commands are permitted:
| Binary | Used By | Purpose |
|---|---|---|
git | vet-url | Clone .git URLs (with hooks disabled) |
curl | vet-url | Download archive URLs |
tar | vet-url | Extract downloaded archives |
clawhub | vet-clawhub | Fetch skills from ClawHub registry |
The /skill:vet command (local path vetting) requires only node and no external binaries.
Commands
/skill:vet --path <directory>— Vet a local skill directory/skill:vet-url --url <https://...>— Download and vet from URL/skill:vet-clawhub --skill <slug>— Fetch and vet from ClawHub
Detection Categories
| Category | Method | Examples |
|---|---|---|
| Code execution | AST | eval(), new Function(), vm.runInThisContext() |
| Shell injection | AST | exec(), execSync(), spawn("bash"), child_process imports |
| Dynamic require | AST | require(variable), require(templateString) |
| Prototype pollution | AST | proto assignment |
| Prompt injection | Regex | Instruction override patterns, control tokens (in string literals) |
| Homoglyph attacks | Regex | Cyrillic/Greek lookalike characters in identifiers |
| Encoded names | Regex | Unicode/hex-escaped "eval", "exec" |
| Credential paths | Regex | Cloud and SSH credential directory references, system credential store access |
| Network calls | AST | fetch() with literal URLs (checked against allowlist) |
| Malicious deps | Config | Known bad packages, lifecycle scripts, git/http deps |
| Typosquatting | Levenshtein | Skill names within edit distance 2 of targets |
| Dangerous permissions | Config | shell:exec, credentials:read in SKILL.md |
Limitations
⚠️ **This is a heuristic scanner with inherent limitations.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-britrik-skill-vettr": {
"enabled": true,
"auto_update": true
}
}
}Tags
Related Skills
data-analysis-skill
数据分析技能包 - 自动抓取、清洗、可视化、生成报告。适合数据分析师、运营人员,告别 Excel 手工操作。
opena2a-security
Security hardening for OpenClaw. Audit your configuration, scan installed skills for malware, detect CVE-2026-25253, check credential exposure, and get actionable fix recommendations. Runs locally with no external API calls.
doctorbot-ci-validator
Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.
openclaw-security-monitor
Proactive security monitoring, threat scanning, and auto-remediation for OpenClaw deployments
env-setup
Scan codebase for environment variables, generate .env.example, validate .env, and ensure .gitignore safety