← Back to Skills Marketplace
nutstrut

Skill Vetter v2

by nutstrut · GitHub ↗ · v0.0.5 · MIT-0
cross-platform ✓ Security Clean
2549
Downloads
0
Stars
21
Active Installs
5
Versions
Install in OpenClaw
/install skill-vetter-v2
Description
Analyze any skill for safety before use. Preserve local judgment, classify risk clearly, and optionally verify the final report with SettlementWitness.
Usage Guidance
This package appears to do what it says: local vetting helpers, templates, and an advisory hook. Before installing or using: (1) run the included scripts (bash scripts/scan-skill.sh) on the target skill directory yourself to verify outputs; (2) review the hook (hooks/openclaw/handler.[js|ts]) to confirm it only injects a reminder and does not alter state; (3) if you enable any optional verification with a third-party service (SettlementWitness or similar), confirm exactly which structured fields are transmitted and never send secrets, private keys, or full private repositories; (4) note the minor metadata mismatch (ownerId in _meta.json differs from registry owner) — benign but worth checking you have the intended package source.
Capability Analysis
Type: OpenClaw Skill Name: skill-vetter-v2 Version: 0.0.5 The skill is a security vetting tool designed to help an AI agent analyze other skill bundles for safety risks. It includes a static analysis helper (scripts/scan-skill.sh) that uses grep to identify potential indicators of concern and an OpenClaw hook (hooks/openclaw/handler.js) that provides safety reminders during the agent's bootstrap process. The instructions in SKILL.md and README.md are explicitly focused on local review, data privacy, and identifying malicious patterns, with no evidence of exfiltration, obfuscation, or unauthorized execution.
Capability Assessment
Purpose & Capability
The name/description (skill vetter) align with the included artifacts: README, SKILL.md, local scan helper script, reminder activator, hook that injects a reminder, report templates and checklists. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md and README instruct only local inspection of the target package, generating a structured report, and optionally verifying that report. The runtime instructions do not direct the agent to read secrets, exfiltrate files, or call external services. They explicitly warn not to send secrets or private repositories.
Install Mechanism
There is no install spec; the package is instruction-plus-small helpers. Scripts are local utilities (scan-skill.sh, activator.sh) and hooks are lightweight and advisory. There are no downloads or archive extracts or package installs declared.
Credentials
The skill requires no environment variables or credentials. SKILL.md mentions optional verification with a third party (SettlementWitness) — this is only a workflow note and no code implements network verification here. Before using any verification feature, confirm what minimal structured fields are sent and ensure no secrets or private code are transmitted.
Persistence & Privilege
always is false and the hook is advisory: it only injects a virtual reminder file into bootstrapFiles when the agent boots. The package does not modify other skills' configs or request persistent system-wide changes.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-vetter-v2
  3. After installation, invoke the skill by name or use /skill-vetter-v2
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.5
- Added concrete usage examples, including sample input and output JSON vetting reports. - Updated the report output format section for clarity and reference. - Improved formatting and consistency throughout documentation (e.g., use of bullet points, headers). - Clarified optional verification workflow and step-by-step reporting process. - No functionality changes; documentation enhancements only.
v0.0.4
* Rewrote `SKILL.md` for clarity, stronger guidance, and safer presentation. * Added report templates and review checklists to standardize skill safety analysis. * Added `.learnings/` files for tracking errors, feature requests, and operational learnings. * Included example OpenClaw integration files, hooks, and local scan helpers. * Clarified the optional SettlementWitness verification flow without changing the core evaluation model. * Removed `error-detector.sh` to eliminate a false-positive dynamic execution flag in ClawHub security scan. * Improved overall package safety and install trust. * No core logic changes; this release focuses on documentation, templates, and integration support.
v0.0.3
* Rewrote `SKILL.md` for clarity, stronger guidance, and safer presentation. * Added report templates and review checklists to standardize skill safety analysis. * Added `.learnings/` files for tracking errors, feature requests, and operational learnings. * Included example OpenClaw integration files, hooks, and local scan helpers. * Clarified the optional SettlementWitness verification flow without changing the core evaluation model. * Improved package completeness and usability for real-world agent workflows. * No core logic changes; this release focuses on documentation, templates, and integration support.
v0.0.2
Improved summary and top-level description for clarity and higher conversion. No functional changes.
v0.0.1
Introduced local-first safety evaluation with structured risk classification, external service transparency model, and optional SAR attestation.
Metadata
Slug skill-vetter-v2
Version 0.0.5
License MIT-0
All-time Installs 21
Active Installs 21
Total Versions 5
Frequently Asked Questions

What is Skill Vetter v2?

Analyze any skill for safety before use. Preserve local judgment, classify risk clearly, and optionally verify the final report with SettlementWitness. It is an AI Agent Skill for Claude Code / OpenClaw, with 2549 downloads so far.

How do I install Skill Vetter v2?

Run "/install skill-vetter-v2" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Vetter v2 free?

Yes, Skill Vetter v2 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Vetter v2 support?

Skill Vetter v2 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skill Vetter v2?

It is built and maintained by nutstrut (@nutstrut); the current version is v0.0.5.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments