Skill Vetter

by asterisk622 · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ✓ Security Clean
Downloads: 2518 · Stars: 1 · Active Installs: 10 · Versions: 3
Install in OpenClaw
/install xiaoding-skill-vetter
Description
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Usage Guidance
This is primarily a human-readable checklist (instruction-only) and is internally coherent for the stated purpose. Before installing or trusting it:
  1. Verify the skill's provenance — the registry metadata and the included _meta.json/SKILL.md disagree on owner and version, and no homepage/repo is listed. That could be a simple packaging mistake but treat it cautiously.
  2. Remember this skill only provides vetting guidance; it does not itself perform code analysis or run tools. If you allow an agent to run this skill autonomously, the agent will be instructed to read all files of the target skill — ensure you only permit that on skills you intend to inspect.
  3. Prefer vetters with a verifiable repository or homepage and matching metadata. If unsure, run the checklist manually (or ask a human) rather than granting the agent broad autonomous permissions.
Capability Analysis
Type: OpenClaw Skill
Name: xiaoding-skill-vetter
Version: 1.0.3
The skill-vetter bundle is a security-focused tool designed to guide an AI agent through a vetting process for other skills. It provides a structured protocol for identifying red flags (such as credential theft or unauthorized network calls) and includes standard bash commands in SKILL.md for inspecting GitHub repository metadata and file contents. No malicious logic, obfuscation, or exfiltration attempts were found.
Capability Assessment
Purpose & Capability
The skill's name and description match its contents: an instruction-only vetting checklist. It requires no binaries, env vars, or installs. However, the package metadata contains inconsistencies: registry metadata lists ownerId 'kn799bx...' and version 1.0.3, while the included _meta.json and SKILL.md declare ownerId 'kn71j6...' and version 1.0.0. The lack of a homepage/source in the registry entry is also notable.
Instruction Scope
SKILL.md contains a scoped, explicit vetting protocol (source check, full code review, permission scope, risk classification) and example curl commands for GitHub. It explicitly instructs the agent to read all files of the skill being vetted — appropriate for a vetter. It does not instruct exfiltration, secret access, or writing to external endpoints beyond benign GitHub API/raw URLs used for repository inspection.
Install Mechanism
No install specification and no code files are present. Instruction-only skills are lowest risk because they don't write code to disk or execute installers.
Credentials
The skill requires no environment variables, credentials, or config paths. The instructions ask the agent to inspect files and repo metadata only; this is proportional to a vetting checklist.
Persistence & Privilege
The skill does not request always:true and defaults permit model invocation (normal). There is nothing in the SKILL.md that attempts to modify other skills or system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install xiaoding-skill-vetter
  3. After installation, invoke the skill by name or use /xiaoding-skill-vetter
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
No changes detected in this version.
- No file changes were made between versions 1.0.0 and 1.0.3.
- The SKILL.md remains unchanged.
- No new features, fixes, or enhancements included.
v1.0.2
Version 1.0.2 of xiaoding-skill-vetter
- No file changes detected in this release.
- No updates to documentation or code since the previous version.
v1.0.1
- Initial release of Skill Vetter: a security-first protocol for vetting AI agent skills before installation.
- Provides a detailed, step-by-step vetting guide including source checks, code review for red flags, permission scope assessment, and risk classification.
- Outlines clear output reporting format for documenting skill reviews.
- Includes quick vetting commands for GitHub-hosted skills.
- Establishes a trust hierarchy for different sources and emphasizes human approval for high-risk skills.
Metadata
Slug xiaoding-skill-vetter
Version 1.0.3
License MIT-0
All-time Installs 10
Active Installs 10
Total Versions 3
Frequently Asked Questions

What is Skill Vetter?

Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,... It is an AI Agent Skill for Claude Code / OpenClaw, with 2518 downloads so far.

How do I install Skill Vetter?

Run "/install xiaoding-skill-vetter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Vetter free?

Yes, Skill Vetter is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Vetter support?

Skill Vetter is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Skill Vetter?

It is built and maintained by asterisk622 (@asterisk622); the current version is v1.0.3.
