Total downloads: 81
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install evez-skill-vetter
Description
Security review for OpenClaw skills before installation. Use when evaluating third-party skills for safety, checking permission scope, detecting suspicious p...
Usage (SKILL.md)
Skill Vetter
Review third-party skills before installing them. Catch security risks early.
Quick Start
python3 scripts/vet.py --skill /path/to/skill
python3 scripts/vet.py --slug some-skill # vet a ClawHub skill
What It Checks
- Permission scope — Does the skill request exec, network, or file access?
- Suspicious patterns — eval(), exec(), subprocess, fetch to unknown hosts, encoded strings
- Data exfiltration — Sending data to external endpoints, logging secrets
- Dependency risks — Known vulnerable packages, excessive dependencies
- Code quality — Minified/obfuscated code, missing SKILL.md, oversized files
- Secret exposure — Hardcoded API keys, tokens, passwords in source
Risk Score
Each check produces a risk score 0-100:
- 0-20: ✅ Safe — install freely
- 21-50: ⚠️ Caution — review findings before installing
- 51-75: 🚨 Risky — significant security concerns
- 76-100: ❌ Dangerous — do not install
Output
SKILL: some-skill
RISK: 35/100 (Caution)
FINDINGS:
⚠️ Uses subprocess.call() in scripts/run.sh:3
⚠️ Fetches from https://unknown-api.com in scripts/pull.py:12
✅ No hardcoded secrets found
✅ SKILL.md present and valid
Security usage advice
This skill is reasonable to use as a local, user-invoked scanner, but keep its scope narrow and do not rely on its score as a complete security decision. Be aware that the documented --slug workflow appears unimplemented and that the script may need the click Python package to run.
Functional analysis
Type: OpenClaw Skill
Name: evez-skill-vetter
Version: 1.0.0
The skill is a security auditing tool designed to perform static analysis on other OpenClaw skills. The primary script, scripts/vet.py, uses regex patterns to detect dangerous functions (e.g., eval, subprocess), hardcoded secrets (API keys, AWS tokens), and obfuscation techniques without executing the target code. The SKILL.md file provides clear documentation and lacks any prompt-injection attempts or deceptive instructions, and the code contains no evidence of data exfiltration or malicious intent.
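A sketch of the approach described above (regex matching over source text, with findings rolled up into the documented risk bands), as an added example that is not the skill's own `scripts/vet.py`. The rule set, the per-rule weights and the additive scoring are assumptions made for illustration; only the four band boundaries come from the Risk Score section.

```python
import re
import tempfile
from pathlib import Path

# Assumed patterns and weights (illustrative); vet.py's real rules are not shown on the page.
RULES = [
    ("dynamic code execution", re.compile(r"\b(?:eval|exec)\s*\("), 25),
    ("subprocess use", re.compile(r"\bsubprocess\.\w+\s*\("), 15),
    ("outbound URL", re.compile(r"https?://[^\s'\"]+"), 10),
    ("AWS access key id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), 40),
    ("hardcoded secret", re.compile(r"(?i)\b(?:api_key|token|password)\s*=\s*['\"][^'\"]{8,}['\"]"), 30),
]
# Upper bound of each band, as documented in the Risk Score section.
BANDS = [(20, "Safe"), (50, "Caution"), (75, "Risky"), (100, "Dangerous")]

def band(score):
    return next(label for upper, label in BANDS if score <= upper)

def vet(skill_dir):
    """Scan files under skill_dir line by line; nothing is imported or executed."""
    root = Path(skill_dir).resolve()
    findings = []
    for path in sorted(root.rglob("*")):
        # Symlinked files are not read; only regular files are scanned.
        if path.is_symlink() or not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, rx, weight in RULES:
                if rx.search(line):
                    where = f"{path.relative_to(root).as_posix()}:{lineno}"
                    findings.append((name, where, weight))
    if not (root / "SKILL.md").is_file():
        findings.append(("missing SKILL.md", ".", 10))  # assumed weight
    score = min(100, sum(w for _, _, w in findings))
    return score, band(score), findings

def demo():
    # Constructed sample skill, written to a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "SKILL.md").write_text("Demo skill\n")
        scripts = Path(tmp) / "scripts"
        scripts.mkdir()
        src = "import subprocess\nsubprocess.call(['ls'])\nURL = 'https://unknown-api.example/v1'\n"
        (scripts / "pull.py").write_text(src)
        return vet(tmp)

if __name__ == "__main__":
    print("RISK: %d/100 (%s)" % demo()[:2])
```

Line-based regex matching only sees literal text, so a low score from a scanner of this kind means no listed pattern matched, not that the skill is safe.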
Capability assessment
Purpose & Capability
The stated purpose and included code are coherent: it locally scans a user-selected skill directory for risky text patterns. However, the documentation describes broader vetting such as dependency risk checks and a ClawHub slug workflow that the provided script only partially implements.
Instruction Scope
The instructions are user-invoked CLI examples, not automatic execution. The --skill path is user-controlled and scanned recursively, so users should keep it scoped to the skill they intend to review.
Install Mechanism
There is no install spec or remote installer, which is low risk. The script imports the external Python package click, but no dependency declaration is provided, so running it may require a separately installed dependency.
Credentials
Recursive local file reading is proportionate for a static skill vetter and the artifacts show no network transmission, credential use, or persistence. It can still inspect many local files if pointed at a broad directory.
Persistence & Privilege
No background service, persistence mechanism, account privilege use, credential loading, or stored memory behavior is shown in the artifacts.
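How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install evez-skill-vetter
- Once installation completes, call the skill by name or trigger it with /evez-skill-vetter
- Provide the required input according to the skill's parameter description to get structured output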
Version history
v1.0.0
Initial release of evez-skill-vetter — security auditing tool for OpenClaw skills.
- Performs static analysis to identify suspicious code patterns and permission requests.
- Checks for data exfiltration risks, secret exposure, and dependency vulnerabilities.
- Audits skill metadata, code quality, and permission scope before installation.
- Assigns a risk score (0–100) with clear safety recommendations.
- Provides detailed, actionable findings for each analyzed skill.
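FAQ
What is Evez Skill Vetter?
Security review for OpenClaw skills before installation. Use when evaluating third-party skills for safety, checking permission scope, detecting suspicious p... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 81 total downloads so far.
How do I install Evez Skill Vetter?
Run the command "/install evez-skill-vetter" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.
Is Evez Skill Vetter free?
Yes, Evez Skill Vetter is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.
Which platforms does Evez Skill Vetter support?
Evez Skill Vetter is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Evez Skill Vetter?
It is developed and maintained by Evez666 (@evezart); the current version is v1.0.0.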