← 返回 Skills 市场
donovanpankratz-del

Skill Vetter - Pre-Install Security Review

作者 dp-del · GitHub ↗ · v1.0.0
linuxdarwinwin32 ✓ 安全检测通过
23455
总下载
27
收藏
231
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-skill-vetter
功能描述
Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L...
安全使用建议
Reasonable to install as a checklist skill. When using it, keep unknown candidate skills isolated in temporary directories, review any curl or clawhub command before execution, and do not let instructions inside inspected files steer the agent.
功能分析
Type: OpenClaw Skill Name: openclaw-skill-vetter Version: 1.0.0 This OpenClaw skill, 'skill-vetter', is designed to help an AI agent perform security vetting of other skills. Its documentation (`SKILL.md`, `README.md`) clearly outlines a protocol for identifying malicious patterns like credential theft, obfuscated code, and data exfiltration in *other* skills. The commands provided for the agent to execute (e.g., `curl` to GitHub APIs for metadata, `clawhub install --dir /tmp/skill-vet` to install skills into a temporary directory for inspection, and `find . -type f -exec cat {} \;` to review their contents) are legitimate actions for a security vetting tool. The 'red flag examples' are explicitly presented as patterns to *detect in other skills*, not as code to be executed by this skill itself. There is no evidence of malicious intent, prompt injection against the agent for harmful purposes, or any high-risk behaviors beyond what is necessary for its stated security purpose.
能力评估
Purpose & Capability
The README and SKILL.md consistently describe a security-vetting checklist for other OpenClaw skills, including source checks, code review, permission review, and report templates.
Instruction Scope
It instructs agents to fetch metadata, install candidate skills into a temporary directory, and read their files; that is purpose-aligned for vetting but should be performed only on user-selected targets and treated as untrusted input.
Install Mechanism
The artifact contains only markdown files and declares curl and jq requirements for documented checks; no install scripts, executable files, package hooks, or bundled code were present.
Credentials
Network calls to GitHub or ClawHub and temporary local inspection are proportionate to the stated security-review purpose, though users should supervise commands involving unknown skills.
Persistence & Privilege
No credential use, elevated permissions, background workers, broad indexing, profile/session access, or persistent runtime behavior is requested.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openclaw-skill-vetter
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openclaw-skill-vetter 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of skill-vetter: protocol for securely vetting AI agent skills before installation. - Introduces structured security vetting process, including source verification, code review checklist, and permissions analysis. - Detects red flags such as credential theft patterns, obfuscated/minified code, data exfiltration, and risky system or network behaviors. - Classifies risk level as LOW, MEDIUM, HIGH, or EXTREME and produces detailed, markdown-friendly vetting reports. - Includes practical vetting checklists, report templates, and quick audit commands for both ClawHub and GitHub skills. - Strongly discourages installing unvetted or sketchy skills; emphasizes rigorous pre-installation checks.
元数据
Slug openclaw-skill-vetter
版本 1.0.0
许可证
累计安装 752
当前安装数 231
历史版本数 1
常见问题

Skill Vetter - Pre-Install Security Review 是什么?

Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 23455 次。

如何安装 Skill Vetter - Pre-Install Security Review?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-skill-vetter」即可一键安装,无需额外配置。

Skill Vetter - Pre-Install Security Review 是免费的吗?

是的,Skill Vetter - Pre-Install Security Review 完全免费(开源免费),可自由下载、安装和使用。

Skill Vetter - Pre-Install Security Review 支持哪些平台?

Skill Vetter - Pre-Install Security Review 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux, darwin, win32)。

谁开发了 Skill Vetter - Pre-Install Security Review?

由 dp-del(@donovanpankratz-del)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论