← Back to Skills Marketplace
bingze00000

Skill Vetter Jarvis

by bingze00000 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
110
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install skill-vetter-jarvis
Description
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Usage Guidance
This skill is an instruction-only vet checklist and appears coherent with its stated purpose. Before using it: 1) Ensure your agent environment has curl and jq if you want to run the example quick-commands (SKILL.md does not declare required binaries). 2) When following its advice, ensure the agent reads only the skill bundle files (not arbitrary home directories) — vetting should not grant the agent blanket access to your ~/.ssh, ~/.aws, or other sensitive paths. 3) The _meta.json version (1.0.1) differs from the SKILL.md header (1.0.0); this is minor but you may want to confirm the canonical version. 4) Do not let automated vetting be the sole decision-maker for high-risk skills — follow its checklist and require human review for medium/high/extreme findings.
Capability Analysis
Type: OpenClaw Skill Name: skill-vetter-jarvis Version: 1.0.0 The skill-vetter-jarvis bundle is a defensive tool designed to provide a security vetting protocol for AI agents. It contains instructions (SKILL.md) that guide the agent to identify red flags such as data exfiltration, unauthorized credential access, and obfuscated code in other skills. The provided shell commands are limited to standard GitHub API calls for repository inspection, and the overall intent is clearly aligned with improving the security posture of the agent environment.
Capability Assessment
Purpose & Capability
Name and description match the content of SKILL.md: a checklist and commands for vetting other skills. No unrelated environment vars, binaries, or installs are requested.
Instruction Scope
SKILL.md stays on-topic: it instructs reviewing skill files, checking for obvious red flags, and gives GitHub API curl examples. It does not direct reading system files or exfiltrating data beyond the expected GitHub queries. The directive to "Read ALL files in the skill" is appropriate for a vetting tool (it targets the skill bundle, not arbitrary system files).
Install Mechanism
No install spec and no code files — the skill is instruction-only, which minimizes risk. Nothing is downloaded or executed by the skill itself.
Credentials
No required environment variables, credentials, or config paths are declared. The vetting instructions specifically mark credential requests and access to ~/.ssh, ~/.aws, etc., as red flags.
Persistence & Privilege
Flags use default (always:false) and model invocation is allowed (normal). There is no request for permanent presence or changes to other skills' configs. Note: because disable-model-invocation is false, an agent could invoke this skill autonomously — appropriate for a vetting helper but worth noting.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-vetter-jarvis
  3. After installation, invoke the skill by name or use /skill-vetter-jarvis
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of skill-vetter-jarvis. - Provides a security-first vetting protocol for AI agent skills before installation. - Includes detailed checklists for source verification, code review, permission scope, and risk classification. - Defines red flags to immediately reject, permission evaluation steps, and risk levels from LOW to EXTREME. - Supplies a clear output format for vetting reports. - Offers quick vetting commands and a trust hierarchy to guide review rigor. - Emphasizes documenting and cautious installation, prioritizing security.
Metadata
Slug skill-vetter-jarvis
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Skill Vetter Jarvis?

Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,... It is an AI Agent Skill for Claude Code / OpenClaw, with 110 downloads so far.

How do I install Skill Vetter Jarvis?

Run "/install skill-vetter-jarvis" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Vetter Jarvis free?

Yes, Skill Vetter Jarvis is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Vetter Jarvis support?

Skill Vetter Jarvis is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skill Vetter Jarvis?

It is built and maintained by bingze00000 (@bingze00000); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments