← Back to Skills Marketplace

Vet Repo

Name: Vet Repo
Author: itsnishi

by ItsNishi · GitHub ↗ · v1.1.1 · MIT-0

cross-platform ⚠ suspicious

1253

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install vet-repo

Description

Scan repository agent configuration files for known malicious patterns

Usage Guidance

This looks like a legitimate repo scanner, but take the usual precautions before running code from an unknown source: 1) review scripts/vet_repo.py and scripts/patterns.py yourself to confirm behavior, 2) run the scanner on a copy of the repository or inside an isolated/containerized environment, 3) run it offline if you want to avoid accidental network access from other tools, and 4) be aware the scanner will surface any detected secrets or sensitive lines in its output — consider restricting output storage or scanning only non-sensitive copies. If you want stronger guarantees, inspect the pattern DB for false positives/negatives and run the script under restricted privileges.

Capability Analysis

Type: OpenClaw Skill Name: vet-repo Version: 1.1.1 The 'vet-repo' skill is a security tool designed to scan repository configuration files for malicious patterns, such as prompt injection, hook abuse, and supply chain attacks. The bundle consists of a comprehensive pattern database (patterns.py) and a scanner script (vet_repo.py) that performs static analysis on local files like .claude/settings.json and .mcp.json. While it includes a feature to verify npm/PyPI packages via external registry APIs (registry.npmjs.org and pypi.org), this behavior is transparently documented and serves a legitimate security purpose (detecting typosquatting) rather than data exfiltration.

Capability Assessment

✓ Purpose & Capability

Name/description match the included artifacts: the package ships a Python scanner (scripts/vet_repo.py) and a large pattern DB (scripts/patterns.py) that are directly used to scan agent-related config files. Nothing requested by the skill (no env vars, no external binaries) appears disproportionate to the stated purpose.

ℹ Instruction Scope

SKILL.md instructs the user/agent to run the local Python script against a given PROJECT_ROOT. The scanner reads a defined set of config files (.claude/, .mcp.json, CLAUDE.md, .vscode, .cursor) and supporting skill scripts (.py, .sh) and reports matches. This is consistent with the stated goal, but note it will read arbitrary files under the scan scope and will print matched contents (including any secrets it finds). The instructions do not execute repository code; they only open and inspect files.

✓ Install Mechanism

No install spec or remote downloads are used. The skill is delivered with its Python scripts and runs locally; no external package fetching or archive extraction occurs.

✓ Credentials

The skill requests no environment variables or credentials. The patterns include detections for secrets and sensitive configs (expected for a scanner), but the skill itself does not request access to those secrets or attempt to store them.

✓ Persistence & Privilege

always is false and disable-model-invocation is true (the skill will not be autonomously invoked by the model). The skill does not modify other skills or global agent settings; it only reads repository files and prints a report.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install vet-repo
After installation, invoke the skill by name or use /vet-repo
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.1.1

- Expand pattern database from ~70 to 151 patterns across 15 categories - Add 5 new categories: code_before_review, config_backdoor, memory_corruption, confused_delegation, persistence - New coverage: reverse shells, cloud IMDS, env var hijacking, git hook persistence, macOS launchd/Windows schtasks, dependency confusion, lock file tampering, GitHub Actions poisoning, 16+ obfuscation techniques - Document advisory hook behavior in SKILL.md

v1.1.0

- Added documentation about new advisory PreToolUse hooks in `.claude/settings.json` that warn on dangerous Bash commands and sensitive file writes. - Clarified that these hooks are advisory only and do not block execution by default. - Provided instructions for making the hooks deterministic by changing their return value. - Emphasized that vet-repo remains the primary detection mechanism for repo-level threats. - No changes to code or features; this is a documentation update.

v1.0.0

Initial release: scan repository agent configurations for malicious patterns. - Detects issues in `.claude/settings.json`, skill configs, `.mcp.json`, and agent-related README files. - Produces structured reports with severity levels and actionable recommendations. - Designed for security reviews before trusting or updating repos with agent integrations.

Metadata

Slug vet-repo

Version 1.1.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 3

Frequently Asked Questions

What is Vet Repo?

Scan repository agent configuration files for known malicious patterns. It is an AI Agent Skill for Claude Code / OpenClaw, with 1253 downloads so far.

How do I install Vet Repo?

Run "/install vet-repo" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Vet Repo free?

Yes, Vet Repo is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Vet Repo support?

Vet Repo is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Vet Repo?

It is built and maintained by ItsNishi (@itsnishi); the current version is v1.1.1.

More Skills