← 返回 Skills 市场

HIIC-skill-vetter

Name: HIIC-skill-vetter
Author: waytobetter619

作者 HIIC-Wayne · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

133

总下载

当前安装

版本数

在 OpenClaw 中安装

/install hiic-skill-vetter

功能描述

Practical skill vetting workflow for AI agents. Prioritizes clear yes/no risk judgments, concise conclusions, and business-aware risk tolerance before instal...

使用说明 (SKILL.md)

HIIC Skill Vetter

A practical, business-aware vetting workflow for OpenClaw skills.

Goal: give a short, clear conclusion about whether a skill is safe to use, without over-penalizing normal capabilities like external API access, scheduled tasks, screenshots, or documented platform credentials.

When to Use

Use this skill when:

the user asks whether a skill is safe
the user wants a quick vet before installing a skill
the user wants a concise risk conclusion instead of a long report
the user wants a portfolio-wide skill review

Core Policy

Default stance

A skill is considered safe by default unless there is evidence of one of the following:

privilege escalation
hidden or unrelated sensitive-data access
hidden external exfiltration
dynamic execution of untrusted input
obvious behavior beyond the claimed scope

Important calibration rules

The following do not automatically make a skill unsafe:

documented external API access
reading .env, tokens, cookies, or API keys that are clearly required for the skill's purpose
cron / session / service / screenshot / browser state features
package installation steps that are explicit and relevant
platform/account integration when it is the point of the skill

These should usually be treated as:

normal capability, or
caution item, not rejection

Judgment Standard

Output should be short and explicit.

Use this format:

SKILL VETTING REPORT
═══════════════════════════════════════
Skill: [name]
Source: [local / GitHub / ClawHub / other]
───────────────────────────────────────
RISKS:
• External Access: [Yes / No]
• Sensitive Access: [Yes / No / Required for stated purpose]
• Dynamic Execution: [Yes / No]
• Privilege Escalation: [Yes / No]
• Scope Mismatch: [Yes / No]
───────────────────────────────────────
RISK LEVEL: [🟢 LOW / 🟡 MEDIUM / 🟠 HIGH]
VERDICT: [✅ SAFE TO INSTALL / ⚠️ INSTALL WITH CAUTION / 🛑 HUMAN REVIEW RECOMMENDED]
NOTES: [1-3 short lines]
═══════════════════════════════════════

Keep the conclusion concise. Do not generate a long audit unless the user explicitly asks.

Decision Rules

✅ SAFE TO INSTALL

Use when:

no privilege escalation found
no suspicious unrelated sensitive access found
no hidden exfiltration found
behavior matches the skill's stated purpose

Typical examples:

weather skills
summarizers
search tools
GitHub helpers
browser helpers
document tools

⚠️ INSTALL WITH CAUTION

Use when:

the skill touches accounts, cookies, cloud resources, tokens, or publishing flows
but that access is clearly related to the skill's purpose
and there is no evidence of malicious or hidden behavior

Typical examples:

social publishing tools
cloud storage tools
document platform integrations
account-bound automation tools

🛑 HUMAN REVIEW RECOMMENDED

Use when:

there is real ambiguity about scope
or the skill reads sensitive material not clearly required
or the skill contains dynamic execution, suspicious remote behavior, or unclear hidden logic

Do not use this level just because a skill uses tokens, APIs, cron, screenshots, or service config for legitimate reasons.

What Actually Counts as High Risk

Treat these as strong warning signals:

sudo, privileged system modification, or elevated install requirements
eval, exec, bash -c, sh -c, subprocess execution with untrusted input
reading unrelated secrets or private files without business justification
hidden telemetry or undocumented outbound endpoints
obvious mismatch between claim and implementation
encoded/obfuscated payloads tied to execution or exfiltration

Practical Review Workflow

Read SKILL.md
Review helper scripts and config
Identify whether sensitive/platform access is required for the stated purpose
Look for actual high-risk behavior
Return a short conclusion

If a repeatable scan helps, use:

python3 vet_scan.py \x3Cskill-dir>
python3 vet_scan.py \x3Cskill-dir> --format json

Review Philosophy

Business-required permissions are not automatic red flags.
A platform integration skill will naturally touch platform credentials.
A browser automation skill will naturally touch cookies/session state.
A cloud skill will naturally touch API keys and remote resources.
The question is not “does it have permissions?”
The question is: “does it use those permissions in a way that is expected, explicit, and limited to its purpose?”

Remember

Aim for good judgment, not paranoia theater.

If there is no concrete sign of malicious or over-scoped behavior, do not overcall risk.

安全使用建议

This skill is a local vetting helper and appears safe to use. It will read files under whatever directory you point it at (so do not run it against directories that contain your real secrets like ~/.ssh or other private data). The scanner only inspects files and patterns — it does not itself make network calls or change system settings. Two practical precautions: (1) run the scanner in a sandbox or on a copy of the skill directory if it contains credentials, and (2) remember the vetter is an automated triage helper with a 'safe-by-default' policy and concise outputs — follow up with manual review for anything flagged as medium/high risk.

功能分析

Type: OpenClaw Skill Name: hiic-skill-vetter Version: 1.0.0 The bundle provides a security vetting tool designed to help AI agents evaluate the safety of other OpenClaw skills. It includes a structured policy framework (SKILL.md) and static analysis scripts (vet_scan.py and vet-scan.sh) that scan directories for high-risk patterns such as dynamic execution, sensitive file access, and network calls. The logic is transparent, diagnostic in nature, and lacks any indicators of data exfiltration, persistence, or malicious intent. While the vetting philosophy encourages 'business-aware' risk tolerance, the implementation is strictly analytical and aligned with its stated purpose.

能力评估

✓ Purpose & Capability

Name/description (a skill-vetter) matches the included assets (SKILL.md, vet_scan.py, vet-scan.sh). No unrelated env vars, binaries, or platform credentials are requested.

✓ Instruction Scope

Runtime instructions are limited to reviewing SKILL.md and running the included scanner against a target skill directory. The scanner only reads files under the provided target directory (root.rglob) and looks for risky patterns; it does not instruct reading system-wide secrets or making outbound network calls.

✓ Install Mechanism

No install spec. This is an instruction-only skill with local Python/shell helpers. There are no downloads or archive extraction steps; importing yaml is optional and not installed automatically.

✓ Credentials

The skill declares no environment variables or credentials. The scanner searches for tokens/patterns inside the target directory but does not require or access external secrets itself.

✓ Persistence & Privilege

always is false and the skill does not attempt persistence, system service installation, or elevated operations. The code contains no sudo/chown/chmod root operations.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install hiic-skill-vetter
安装完成后，直接呼叫该 Skill 的名称或使用 /hiic-skill-vetter 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

HIIC-skill-vetter v1.0.0 - Initial release providing a practical, business-aware vetting workflow for AI agent skills. - Focuses on concise yes/no risk judgments and clear conclusions for installation decisions. - Defines default safety standards and explicit criteria for escalating risk levels. - Calibrates normal capabilities (like API access, scheduled tasks, and documented credentials) as standard or caution items, not automatic red flags. - Supplies a checklist format for vetting and a short review process to streamline decisions.

元数据

Slug hiic-skill-vetter

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题