Downloads: 16378
Stars: 9
Active Installs: 259
Versions: 3
Install in OpenClaw
/install skill-vetting
Description
Vet ClawHub skills for security and utility before installation. Use when considering installing a ClawHub skill, evaluating third-party code, or assessing w...
Usage Guidance
Install only if you want a conservative skill-review helper. Inspect the Python scanner before first use, run it against downloaded skills in /tmp or another sandbox, and treat its findings as leads to investigate rather than automatic proof of malice.
Capability Analysis
Type: OpenClaw Skill
Name: skill-vetting
Version: 1.1.0
This skill bundle is a security scanner designed to vet other OpenClaw skills for malicious patterns and prompt injection. The `SKILL.md` and `ARCHITECTURE.md` files explicitly warn against prompt injection and provide instructions for the AI agent on how to identify and reject such attempts. The `scripts/scan.py` file implements the detection logic for various security risks, including prompt injection, but does not exhibit any malicious behavior itself. All files are aligned with the stated purpose of security vetting and show no evidence of intentional harmful behavior, data exfiltration, unauthorized execution, or persistence mechanisms.
Capability Assessment
Purpose & Capability
The skill’s stated purpose is to vet ClawHub skills, and its artifacts support that with a review workflow, a regex-based Python scanner, architecture notes, and malicious-pattern references.
Instruction Scope
The instructions are conservative and sometimes overstate scanner findings as automatic rejection rules; users should treat findings as strong signals but still review context.
Install Mechanism
The workflow asks the user to run shell commands, download a ClawHub skill archive, unzip it in /tmp, and execute this skill’s Python scanner; this is disclosed and aligned with security review, but should be done deliberately.
Credentials
The scanner reads local files under the selected skill directory and does not show network calls, credential use, exfiltration, destructive actions, or workspace-wide indexing.
Persistence & Privilege
No persistence mechanism, background worker, privilege escalation, credential/session handling, or automatic mutation authority is evidenced.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install skill-vetting`
- After installation, invoke the skill by name or use `/skill-vetting`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Security: Expanded file scanning (html/env/ts/etc) + 5 new prompt injection patterns. Features: JSON output, severity levels, color-coded findings. Docs: AI reviewer hardening + defense architecture.
v1.0.1
- Added SKILL.md.backup file for backup or versioning purposes.
- No changes to core functionality or documentation content.
- The skill continues to provide security and utility vetting guidance for ClawHub skills.
v1.0.0
Initial release - Automated security scanner + malicious pattern database + complete vetting workflow for ClawHub skills
Frequently Asked Questions
What is Skill Vetting?
Vet ClawHub skills for security and utility before installation. Use when considering installing a ClawHub skill, evaluating third-party code, or assessing w... It is an AI Agent Skill for Claude Code / OpenClaw, with 16378 downloads so far.
How do I install Skill Vetting?
Run "/install skill-vetting" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Vetting free?
Yes, Skill Vetting is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Skill Vetting support?
Skill Vetting is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Skill Vetting?
It is built and maintained by Eddy (@eddygk); the current version is v1.1.0.