Downloads: 545
Stars: 0
Active Installs: 11
Versions: 1
Install in OpenClaw
/install skill-vetter-1
Description
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Usage Guidance
This skill is coherent and appears safe to use as a checklist. Before relying on it: (1) Verify the skill's provenance — the ownerId in the included _meta.json does not match the registry Owner ID provided to you; confirm which is authoritative. (2) Ensure your agent's file read scope is limited to the skill repository/workspace so 'read all files' cannot access unrelated private data (SSH keys, AWS creds, etc.). (3) If you allow the skill to run network queries, prefer read-only API calls and inspect the exact curl endpoints it will call. (4) Use this vetter as an aid, not a substitute for human review on high-risk skills.
Capability Analysis
Type: OpenClaw Skill
Name: skill-vetter-1
Version: 1.0.0
The 'skill-vetter' skill is a defensive security tool designed to guide AI agents through a vetting protocol before installing other skills. It provides a structured framework for identifying red flags such as data exfiltration, credential theft, and obfuscated code in SKILL.md. The included bash commands are limited to fetching repository metadata and file lists from the GitHub API for analysis purposes, and the overall logic promotes a 'security-first' approach with human oversight for high-risk actions.
Capability Assessment
Purpose & Capability
The skill's name, description, and SKILL.md all describe a vetting checklist and the instructions align with that purpose. It is instruction-only and does not request binaries, env vars, or installs. Note: the registry metadata Owner ID (kn78...) differs from the _meta.json ownerId (kn71...), which is a provenance inconsistency worth verifying.
Instruction Scope
The SKILL.md explicitly instructs the agent to 'Read ALL files in the skill' and to run network queries (curl to GitHub APIs) to gather repo info. Those actions are appropriate for a vetting skill, but they require the agent to have file and network access limited to the target repo/workspace; if the agent's file read scope is broader, these instructions could cause wider data exposure. The instructions themselves do not ask the agent to exfiltrate data or access unrelated credentials.
Install Mechanism
No install spec and no code files are present (instruction-only). This minimizes risk from arbitrary downloads or disk writes.
Credentials
The skill declares no environment variables, credentials, or config paths. The SKILL.md advises rejecting skills that request credentials or access to credential files, which is consistent with a security-focused vetter.
Persistence & Privilege
always is false and the skill does not request persistent presence or modification of other skills or global agent settings. Autonomous invocation is allowed (platform default) but not excessive for this use case.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install skill-vetter-1
- After installation, invoke the skill by name or use /skill-vetter-1
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Skill Vetter: a security-first vetting guide for AI agent skills.
- Outlines a step-by-step protocol to check source, code, permissions, and risk level before installing any skill.
- Lists clear red flags to reject (e.g., credential access, suspicious network calls, use of eval/exec).
- Provides a detailed vetting report template for consistent reviews.
- Includes practical commands for vetting GitHub-hosted skills.
- Highlights trust hierarchy and best practices for skill installation security.
Frequently Asked Questions
What is Skill Vetter 1?
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,... It is an AI Agent Skill for Claude Code / OpenClaw, with 545 downloads so far.
How do I install Skill Vetter 1?
Run "/install skill-vetter-1" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Vetter 1 free?
Yes, Skill Vetter 1 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill Vetter 1 support?
Skill Vetter 1 is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Skill Vetter 1?
It is built and maintained by h-harry (@h-harry); the current version is v1.0.0.