← Back to Skills Marketplace
weidongkl

Skill Publish Vetter

by wei dong · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ✓ Security Clean
58
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install skill-publish-vetter
Description
Pre-publish privacy scan for ClawHub skills. Detects tokens, keys, credentials, .env secrets, personal info, and internal IPs before publishing.
Usage Guidance
This tool appears to do exactly what it says: it scans a target skill directory for tokens, passwords, private keys, .env values, personal emails/paths, and internal IPs. Before running or using this skill: 1) Confirm the exact target directory you want scanned — the script will read every matched file and can reveal secrets. 2) Be aware SKILL.md requires outputting the full report to chat, which will include detected secret lines (truncated but potentially sensitive); do not run it in a channel or conversation that is public or archived if you do not want those secrets recorded. 3) If you prefer, run bash scripts/publish-check.sh locally in a terminal yourself and inspect the results before copying any parts into chat. 4) Review the actual repository copy of scripts/publish-check.sh (the provided excerpt was truncated in the listing) to ensure no later-added behavior (network calls, uploads, or obfuscation) exists. If you want to proceed, ask the user to explicitly confirm the target path and confirm they understand that the report may contain sensitive data.
Capability Analysis
Type: OpenClaw Skill Name: skill-publish-vetter Version: 1.1.0 The skill is a defensive utility designed to prevent the accidental publication of secrets (API keys, tokens, passwords) to ClawHub. It implements a mandatory multi-step workflow in SKILL.md that requires a privacy scan and explicit user confirmation before executing the 'clawhub publish' command. The scanning logic in scripts/publish-check.sh uses local grep patterns to identify sensitive data and does not contain any network exfiltration or obfuscated code.
Capability Tags
cryptorequires-walletrequires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The name/description state a pre-publish privacy scan and the bundle includes a shell scanning script (scripts/publish-check.sh) plus SKILL.md instructions that call that script. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
SKILL.md mandates running the included script against the target skill directory and printing the full scan report to chat ("do not summarize or omit anything"). That is coherent with vetting, but it explicitly instructs the agent to output detected sensitive lines (partially truncated by the script). This means secrets discovered by the scan will be echoed into the conversation/chat logs — expected for a vetter but a privacy risk the user should be aware of.
Install Mechanism
No install spec; this is instruction-only with an included shell script. The script uses only local POSIX tools (grep/sed/find) and writes to a temporary file. No downloaded code or external package installs.
Credentials
The skill requests no environment variables or credentials. The scanner operates on file contents only and does not attempt to read config paths or other skills' secrets.
Persistence & Privilege
always is false, autonomous invocation defaults are unchanged, and the skill does not modify system state or other skills' configs. It writes only a temporary results file and prints a report.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-publish-vetter
  3. After installation, invoke the skill by name or use /skill-publish-vetter
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Pre-publish privacy scan for ClawHub skills - detect tokens, keys, credentials, personal info before publishing
Metadata
Slug skill-publish-vetter
Version 1.1.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Skill Publish Vetter?

Pre-publish privacy scan for ClawHub skills. Detects tokens, keys, credentials, .env secrets, personal info, and internal IPs before publishing. It is an AI Agent Skill for Claude Code / OpenClaw, with 58 downloads so far.

How do I install Skill Publish Vetter?

Run "/install skill-publish-vetter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Publish Vetter free?

Yes, Skill Publish Vetter is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Publish Vetter support?

Skill Publish Vetter is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skill Publish Vetter?

It is built and maintained by wei dong (@weidongkl); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments