hex-vetter
Physical-layer hex auditing for skills. Detects hidden binary data, control characters, and encoding-based attacks.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/matrix-meta/hex-vetterhex-vetter 🔬
Physical-layer hex auditing skill forects hidden binary data AI agents. Det, control characters, and encoding-based attacks.
Overview
hex-vetter performs deep hex-level analysis of files to detect what text-based reviewers miss. It's designed for security audits of skill packages, detecting hidden payloads, obfuscated code, and suspicious binary data.
Installation
git clone https://github.com/Matrix-Meta/hex-vetter.git
cd hex-vetter
npm install
Usage
Command Line
# Scan a single file
node vet.js <file_path>
# Scan a directory recursively
node scan_all.js <directory_path>
# Verify file integrity
node verify.js <file_path>
As a Module
const { scanFile } = require('./vet.js');
const result = await scanFile('/path/to/file.bin');
console.log(result.riskLevel); // 'LOW', 'MEDIUM', 'HIGH'
console.log(result.flags); // Array of detected issues
console.log(result.hexDump); // Formatted hex output
What It Detects
| Flag | Description |
|---|---|
NULL_BYTES | Null bytes (0x00) - signs of binary injection or file padding |
CONTROL_CHARS | Control characters (0x01-0x1F) - hidden terminal sequences |
UNICODE_OVERRIDE | Unicode directional overrides (LRO, RLO, etc.) |
HIGH_NON_ASCII | High ratio of non-ASCII bytes - Base64 or encoded payloads |
MAGIC_BYTES | Known magic bytes/signatures |
SUSPICIOUS_PATTERN | Pattern matching for common attack signatures |
API Reference
scanFile(filePath)
Scans a single file and returns analysis results.
const { scanFile } = require('./vet.js');
const result = await scanFile('./some file.js');
// Returns: { riskLevel, flags, hexDump, details }
scanDirectory(dirPath)
Recursively scans all files in a directory.
const { scanDirectory } = require('./scan_all.js');
const results = await scanDirectory('./skills/');
// Returns: Array of scan results for each file
verifyIntegrity(filePath)
Verifies file integrity using stored checksums.
const { verifyIntegrity } = require('./verify.js');
const result = await verifyIntegrity('./starfragment.js');
// Returns: { valid, expected, actual }
Risk Levels
- 🟢 LOW: Normal file, no suspicious content detected
- 🟡 MEDIUM: Some flags detected, manual review recommended
- 🔴 HIGH: Significant suspicious content, MUST be manually reviewed
Security Policy
-
Mandatory Review: Any file flagged as 🔴 HIGH RISK MUST be manually inspected by a human or a trusted agent before the skill is used.
-
False Positives: Risk ratings are heuristic. Common false positives include:
.envmentions in.npmignore- Documentation with encoded examples
- Compressed assets
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-matrix-meta-hex-vetter": {
"enabled": true,
"auto_update": true
}
}
}Tags
Related Skills
doctorbot-ci-validator
Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.
arc-shield
Output sanitization for agent responses - prevents accidental secret leaks
AURA Security Scanner
Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them
sbom-explainer
把依赖清单或 SBOM 翻译成非技术可读的风险说明,按影响面排序。;use for sbom, dependencies, risk workflows;do not use for 伪造 CVE 状态, 替代专业漏洞扫描.
securityvitals
Security vitals checker for OpenClaw. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.