← Back to Skills Marketplace
luwinher

Skill Vet

by luwinher · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
462
Downloads
0
Stars
3
Active Installs
1
Versions
Install in OpenClaw
/install skill-vet
Description
在安装或运行 skill 前进行安全扫描,检查恶意代码、可疑命令和网络请求等潜在威胁。
Usage Guidance
This skill appears to implement a local static scanner and does not exfiltrate data or call external endpoints, but there are practical inconsistencies to resolve before use: - Runtime: vetting.cjs is a Node script. Ensure the agent/runtime has Node available and clarify how to invoke it (the SKILL.md uses the 'skill-vet' CLI name but no install/installation steps are provided). - Scope of scans: The tool reads files under whatever path you give it. Do not run it pointed at directories containing secrets you don't want read, unless you trust the environment. - False positives: Many flagged patterns (Buffer.from, fs.writeFile, console.log, process.env access) can be benign; review findings manually. - Minor bug: the script references colors.gray which is undefined — this is cosmetic but indicates the code wasn't thoroughly tested. If you plan to install or run this skill, ask the publisher for explicit installation instructions (how to install the 'skill-vet' CLI or how OpenClaw will invoke vetting.cjs) and confirm that Node will be available. Otherwise the code itself looks coherent with its stated purpose and not malicious.
Capability Analysis
Type: OpenClaw Skill Name: skill-vet Version: 1.0.0 The skill is a security utility designed to perform static analysis on other skill bundles to identify high-risk patterns such as dynamic code execution, shell injection, and sensitive environment variable access. The implementation in `vetting.cjs` is transparent, uses only built-in Node.js modules (fs, path), and contains no evidence of data exfiltration, malicious execution, or prompt injection.
Capability Assessment
Purpose & Capability
The name/description (a security scanner) align with the included vetting.cjs scanner: it searches files for risky patterns and reports findings. However, the package declares no required binaries or install spec while providing a Node.js CLI script (vetting.cjs). Running this script requires Node on the agent/runtime and a way to invoke it as 'skill-vet' — neither is declared or documented in the SKILL.md, so the runtime expectations are unclear.
Instruction Scope
SKILL.md describes only scanning skill directories and generating reports; the tool's code implements that behavior and does not attempt to read or transmit data off-host. It walks the target path, reads files, and reports regex matches. One note: the README/commands assume a 'skill-vet' executable, but no install instructions are provided.
Install Mechanism
There is no install spec. The skill includes a Node .cjs CLI (shebang present) but does not declare Node as a required binary nor provide steps to install the CLI or place it on PATH. This mismatch makes it unclear how the tool is intended to be executed in the target environment.
Credentials
The skill requests no environment variables, credentials, or config paths. The code scans for patterns like process.env.* in target files (i.e., it detects code that accesses env vars) but does not access the runtime environment's secrets itself.
Persistence & Privilege
always is false and the code does not persist configuration, modify other skills, or request elevated privileges. The tool only reads files in the target path and exits with non-zero when high-risk findings exist.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-vet
  3. After installation, invoke the skill by name or use /skill-vet
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug skill-vet
Version 1.0.0
License
All-time Installs 3
Active Installs 3
Total Versions 1
Frequently Asked Questions

What is Skill Vet?

在安装或运行 skill 前进行安全扫描,检查恶意代码、可疑命令和网络请求等潜在威胁。 It is an AI Agent Skill for Claude Code / OpenClaw, with 462 downloads so far.

How do I install Skill Vet?

Run "/install skill-vet" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Vet free?

Yes, Skill Vet is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Skill Vet support?

Skill Vet is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skill Vet?

It is built and maintained by luwinher (@luwinher); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments