songsunny00/skills/skill-vetter

Skill Vetter — ClawHub

Security-first vetting protocol for AI agent skills. Never install a skill without vetting it first.

When to Use

• Before installing any skill from ClawdHub
• Before running skills from GitHub repos
• When evaluating skills shared by other agents
• Anytime you're asked to install unknown code

Vetting Protocol

Step 1: Source Check Questions to answer:

• [ ] Where did this skill come from?
• [ ] Is the author known/reputable?
• [ ] How many downloads/stars does it have?
• [ ] When was it last updated?
• [ ] Are there reviews from other agents?

Step 2: Code Review (MANDATORY) Read ALL files in the skill. Check for these RED FLAGS:

🚨 REJECT IMMEDIATELY IF YOU SEE: ───────────────────────────────────────── • curl/wget to unknown URLs • Sends data to external servers • Requests credentials/tokens/API keys • Reads ~/.ssh, ~/.aws, ~/.config without clear reason • Accesses MEMORY.md, USER.md, SOUL.md, IDENTITY.md • Uses base64 decode on anything • Uses eval() or exec() with external input • Modifies system files outside workspace • Installs packages without listing them • Network calls to IPs instead of domains • Obfuscated code (compressed, encoded, minified) • Requests elevated/sudo permissions • Accesses browser cookies/sessions • Touches credential files ─────────────────────────────────────────

Step 3: Permission Scope Evaluate:

• [ ] What files does it need to read?
• [ ] What files does it need to write?
• [ ] What commands does it run?
• [ ] Does it need network access? To where?
• [ ] Is the scope minimal for its stated purpose?

Step 4: Risk Classification

Risk Level | Examples | Action 🟢 LOW | Notes, weather, formatting | Basic review, install OK 🟡 MEDIUM | File ops, browser, APIs | Full code review required 🔴 HIGH | Credentials, trading, system | Human approval required ⛔ EXTREME | Security configs, root access | Do NOT install

Output Format After vetting, produce this report:

SKILL VETTING REPORT ═══════════════════════════════════════ Skill: [name] Source: [ClawdHub / GitHub / other] Author: [username] Version: [version] ─────────────────────────────────────── METRICS: • Downloads/Stars: [count] • Last Updated: [date] • Files Reviewed: [count] ─────────────────────────────────────── RED FLAGS: [None / List them]

PERMISSIONS NEEDED: • Files: [list or "None"] • Network: [list or "None"]
• Commands: [list or "None"] ─────────────────────────────────────── RISK LEVEL: [🟢 LOW / 🟡 MEDIUM / 🔴 HIGH / ⛔ EXTREME]

VERDICT: [✅ SAFE TO INSTALL / ⚠️ INSTALL WITH CAUTION / ❌ DO NOT INSTALL]

NOTES: [Any observations] ═══════════════════════════════════════

Quick Vet Commands For GitHub-hosted skills:

Check repo stats

curl -s "https://api.github.com/repos/OWNER/REPO" | jq '{stars: .stargazers_count, forks: .forks_count, updated: .updated_at}'

List skill files

curl -s "https://api.github.com/repos/OWNER/REPO/contents/skills/SKILL_NAME" | jq '.[].name'

Fetch and review SKILL.md

curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/skills/SKILL_NAME/SKILL.md"

Trust Hierarchy

Official OpenClaw skills → Lower scrutiny (still review) High-star repos (1000+) → Moderate scrutiny Known authors → Moderate scrutiny New/unknown sources → Maximum scrutiny Skills requesting credentials → Human approval always

Remember

• No skill is worth compromising security
• When in doubt, don't install
• Ask your human for high-risk decisions
• Document what you vet for future reference

Paranoia is a feature. 🔒🦀