Openclaw Skill Vetter 1.0.0

by yiyi-9 · GitHub ↗ · v1.0.0
Platforms: linux, darwin, win32 · ✓ Security Clean
Downloads: 910
Stars: 0
Active Installs: 12
Versions: 1
Install in OpenClaw
/install openclaw-skill-vetter-1-0-0
Description
Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L...
Usage Guidance
This skill is a sensible, instruction-only vetting checklist and appears internally consistent. Before relying on it: 1) manually review this SKILL.md (a vetter is a meta-tool — it must itself be trusted); 2) never execute downloaded skill files — only read them; 3) treat its automated checks as advisory and perform manual code review for anything classified MEDIUM+ or HIGH; 4) if you plan to let an agent run this autonomously, require a human review step before installing any skill flagged as SAFE by the vetter. If you want extra caution, inspect any referenced integrations (zero-trust-protocol, drift-guard) because they are mentioned but not described or required by this package.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-skill-vetter-1-0-0
Version: 1.0.0
The skill-vetter bundle is a defensive security protocol designed to guide AI agents through a systematic vetting process for other skills. It provides structured instructions (SKILL.md) for identifying red flags such as credential theft, obfuscated code, and unauthorized network calls, and includes safe utility commands using 'curl' and 'jq' for auditing GitHub repositories. No malicious logic, exfiltration patterns, or harmful prompt injections were identified.
Capability Assessment
Purpose & Capability
Name, description, and runtime instructions align: this is a vetting/checklist skill and it only requires curl and jq to perform GitHub/HTTP checks and JSON parsing. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md explicitly instructs the agent to download skill packages to a temporary directory and read all files for red flags, and shows curl/jq commands to query GitHub — these actions are within a vetter's scope. Recommendation: the skill should explicitly warn against executing any downloaded code (it currently shows reading/cat commands but does not repeat 'never run code' emphatically).
Install Mechanism
No install spec and no code files — instruction-only. This minimizes on-disk persistence and the attack surface. The use of curl/jq (declared) is proportionate and expected.
Credentials
No environment variables, credentials, or config paths are requested. The declared requirements (curl, jq) are directly used by the quick-vet commands in SKILL.md and are proportionate to the purpose.
Persistence & Privilege
always is false and the skill does not request persistent presence or elevated privileges. It does not modify other skills' configs or ask for system-level changes in its instructions.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-skill-vetter-1-0-0
  3. After installation, invoke the skill by name or use /openclaw-skill-vetter-1-0-0
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial public release of skill-vetter: Easily vet skills for security risks before installation.
  - Implements a structured protocol to detect red flags (e.g., credential theft, data exfiltration, obfuscated code).
  - Provides clear risk classification: LOW, MEDIUM, HIGH, EXTREME.
  - Generates standardized vetting reports to support safe decision-making.
  - Includes a practical checklist for both automated and manual review.
  - Supplies vetting report templates and quick commands for ClawHub/GitHub skills.
  - Encourages thorough scrutiny of all untrusted or unknown skills before install.
Metadata
Slug openclaw-skill-vetter-1-0-0
Version 1.0.0
License
All-time Installs 13
Active Installs 12
Total Versions 1
Frequently Asked Questions

What is Openclaw Skill Vetter 1.0.0?

Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L... It is an AI Agent Skill for Claude Code / OpenClaw, with 910 downloads so far.

How do I install Openclaw Skill Vetter 1.0.0?

Run "/install openclaw-skill-vetter-1-0-0" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Openclaw Skill Vetter 1.0.0 free?

Yes, Openclaw Skill Vetter 1.0.0 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Openclaw Skill Vetter 1.0.0 support?

Openclaw Skill Vetter 1.0.0 is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).

Who created Openclaw Skill Vetter 1.0.0?

It is built and maintained by yiyi-9 (@yiyi-9); the current version is v1.0.0.
