← Back to Skills Marketplace

Safespace Rater

Name: Safespace Rater
Author: vpn2004

by vpn2004 · GitHub ↗ · v1.3.4

cross-platform ⚠ suspicious

439

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install safespace-rater

Description

Use when users need to audit local OpenClaw skills, generate trust scores, and optionally publish those scores to SafeSpace.

Usage Guidance

This skill appears to do what it says (audit local skills, produce reports, and optionally publish ratings). Before installing or running it: 1) Inspect the Go repository it may 'go install' (github.com/vpn2004/SkillVet) or build the binary yourself rather than auto‑installing compiled code fetched from the network. 2) Verify the SAFESPACE_SERVER endpoint — the default domain is uncommon; if you will publish ratings, point it to a known/trusted server. 3) If you don't want data leaving your machine, run audit-local with upload/publish flags disabled (dry-run) and avoid exporting SAFESPACE_LLM_API_KEY or other credentials. 4) Review the Go binary source (if possible) or build it in a sandbox/container to limit blast radius. 5) Consider running the tool on a copy of your skills directory first to confirm outputs and behavior.

Capability Analysis

Type: OpenClaw Skill Name: safespace-rater Version: 1.3.4 The skill is classified as suspicious primarily due to a significant supply chain vulnerability in `scripts/safespace-rater.sh`. The script attempts to auto-bootstrap the `safespace-rater` binary by executing `go install github.com/vpn2004/SkillVet/cmd/safespace-rater@latest`. This command fetches and compiles code from a remote GitHub repository at runtime. If the upstream `github.com/vpn2004/SkillVet` repository were compromised, it could lead to the installation and execution of arbitrary malicious code on the user's system. While the skill's stated purpose (auditing local skills and publishing scores to `https://skillvet.cc.cd`) and its handling of `SAFESPACE_LLM_API_KEY` for LLM integration are aligned with its functionality, the reliance on remote code compilation for installation introduces a high-risk, unverified execution path.

Capability Assessment

✓ Purpose & Capability

Name/description, SKILL.md, and the shell wrapper align: the skill is a CLI that audits local skills, creates reports, and can publish ratings. The wrapper simply locates or bootstraps a safespace-rater binary and then execs it — this is coherent with the stated purpose.

✓ Instruction Scope

SKILL.md instructs the agent to read a local skills directory (~/.agents/skills by default), optionally read a runtime LLM score file, register a local identity, and write reports to ~/.safespace. Those actions are within the scope of an auditing/rater tool and do not request unrelated system-wide data or credentials. The doc does advertise optional submission to a remote server (SAFESPACE_SERVER).

ℹ Install Mechanism

There is no registry install spec, but the included script will attempt to auto-bootstrap the runtime via 'go install' using GO_INSTALL_SPEC (github.com/vpn2004/SkillVet/cmd/safespace-rater@latest) or build from a repo root. Using 'go install' of a third-party repository is a common pattern but is moderate risk because it will fetch and compile remote code. The URL is a normal GitHub-style import path (not an arbitrary IP or pastebin).

ℹ Credentials

The skill declares no required env vars; SKILL.md documents optional envs (SAFESPACE_SERVER, SAFESPACE_LLM_* and an OpenAI API key fallback). These optional variables are relevant to the advertised features (server endpoint, LLM fallback). However, providing an API key or allowing uploads will expose data to the chosen server — the default SAFESPACE_SERVER value (https://skillvet.cc.cd) looks nonstandard and should be verified before use.

✓ Persistence & Privilege

The skill is not always-enabled, does not request elevated platform privileges, and does not modify other skills' configs. It writes local outputs under ~/.safespace and registers a local DID identity as expected for its function.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install safespace-rater
After installation, invoke the skill by name or use /safespace-rater
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.3.4

Fix default go install source to public github.com/vpn2004/SkillVet

v1.3.3

Add MIT license file and auto-bootstrap wrapper for missing binary

v1.3.2

Rewrite SKILL.md as plain bilingual (ZH/EN) guide with value and quickstart

v1.3.1

Initial publish of safespace-rater client skill

Metadata

Slug safespace-rater

Version 1.3.4

License —

All-time Installs 0

Active Installs 0

Total Versions 4

Frequently Asked Questions

What is Safespace Rater?

Use when users need to audit local OpenClaw skills, generate trust scores, and optionally publish those scores to SafeSpace. It is an AI Agent Skill for Claude Code / OpenClaw, with 439 downloads so far.

How do I install Safespace Rater?

Run "/install safespace-rater" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Safespace Rater free?

Yes, Safespace Rater is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Safespace Rater support?

Safespace Rater is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Safespace Rater?

It is built and maintained by vpn2004 (@vpn2004); the current version is v1.3.4.

More Skills