Downloads: 23480
Stars: 27
Active Installs: 232
Versions: 1
Install in OpenClaw
/install openclaw-skill-vetter
Description
Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L...
Usage Guidance
Reasonable to install as a checklist skill. When using it, keep unknown candidate skills isolated in temporary directories, review any curl or clawhub command before execution, and do not let instructions inside inspected files steer the agent.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-skill-vetter
Version: 1.0.0
This OpenClaw skill, 'skill-vetter', is designed to help an AI agent perform security vetting of other skills. Its documentation (`SKILL.md`, `README.md`) clearly outlines a protocol for identifying malicious patterns like credential theft, obfuscated code, and data exfiltration in *other* skills. The commands provided for the agent to execute (e.g., `curl` to GitHub APIs for metadata, `clawhub install --dir /tmp/skill-vet` to install skills into a temporary directory for inspection, and `find . -type f -exec cat {} \;` to review their contents) are legitimate actions for a security vetting tool. The 'red flag examples' are explicitly presented as patterns to *detect in other skills*, not as code to be executed by this skill itself. There is no evidence of malicious intent, prompt injection against the agent for harmful purposes, or any high-risk behaviors beyond what is necessary for its stated security purpose.
Capability Assessment
Purpose & Capability
The README and SKILL.md consistently describe a security-vetting checklist for other OpenClaw skills, including source checks, code review, permission review, and report templates.
Instruction Scope
It instructs agents to fetch metadata, install candidate skills into a temporary directory, and read their files; that is purpose-aligned for vetting but should be performed only on user-selected targets and treated as untrusted input.
Install Mechanism
The artifact contains only markdown files and declares curl and jq requirements for documented checks; no install scripts, executable files, package hooks, or bundled code were present.
Credentials
Network calls to GitHub or ClawHub and temporary local inspection are proportionate to the stated security-review purpose, though users should supervise commands involving unknown skills.
Persistence & Privilege
No credential use, elevated permissions, background workers, broad indexing, profile/session access, or persistent runtime behavior is requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install openclaw-skill-vetter`
- After installation, invoke the skill by name or use `/openclaw-skill-vetter`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of skill-vetter: protocol for securely vetting AI agent skills before installation.
- Introduces structured security vetting process, including source verification, code review checklist, and permissions analysis.
- Detects red flags such as credential theft patterns, obfuscated/minified code, data exfiltration, and risky system or network behaviors.
- Classifies risk level as LOW, MEDIUM, HIGH, or EXTREME and produces detailed, markdown-friendly vetting reports.
- Includes practical vetting checklists, report templates, and quick audit commands for both ClawHub and GitHub skills.
- Strongly discourages installing unvetted or sketchy skills; emphasizes rigorous pre-installation checks.
Frequently Asked Questions
What is Skill Vetter - Pre-Install Security Review?
Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L... It is an AI Agent Skill for Claude Code / OpenClaw, with 23480 downloads so far.
How do I install Skill Vetter - Pre-Install Security Review?
Run "/install openclaw-skill-vetter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Vetter - Pre-Install Security Review free?
Yes, Skill Vetter - Pre-Install Security Review is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Skill Vetter - Pre-Install Security Review support?
Skill Vetter - Pre-Install Security Review is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).
Who created Skill Vetter - Pre-Install Security Review?
It is built and maintained by dp-del (@donovanpankratz-del); the current version is v1.0.0.