← 返回 Skills 市场
yiyi-9

Openclaw Skill Vetter 1.0.0

作者 yiyi-9 · GitHub ↗ · v1.0.0
linuxdarwinwin32 ✓ 安全检测通过
910
总下载
0
收藏
12
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-skill-vetter-1-0-0
功能描述
Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L...
安全使用建议
This skill is a sensible, instruction-only vetting checklist and appears internally consistent. Before relying on it: 1) manually review this SKILL.md (a vetter is a meta-tool — it must itself be trusted); 2) never execute downloaded skill files — only read them; 3) treat its automated checks as advisory and perform manual code review for anything classified MEDIUM+ or HIGH; 4) if you plan to let an agent run this autonomously, require a human review step before installing any skill flagged as SAFE by the vetter. If you want extra caution, inspect any referenced integrations (zero-trust-protocol, drift-guard) because they are mentioned but not described or required by this package.
功能分析
Type: OpenClaw Skill Name: openclaw-skill-vetter-1-0-0 Version: 1.0.0 The skill-vetter bundle is a defensive security protocol designed to guide AI agents through a systematic vetting process for other skills. It provides structured instructions (SKILL.md) for identifying red flags such as credential theft, obfuscated code, and unauthorized network calls, and includes safe utility commands using 'curl' and 'jq' for auditing GitHub repositories. No malicious logic, exfiltration patterns, or harmful prompt injections were identified.
能力评估
Purpose & Capability
Name, description, and runtime instructions align: this is a vetting/checklist skill and it only requires curl and jq to perform GitHub/HTTP checks and JSON parsing. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md explicitly instructs the agent to download skill packages to a temporary directory and read all files for red flags, and shows curl/jq commands to query GitHub — these actions are within a vetter's scope. Recommendation: the skill should explicitly warn against executing any downloaded code (it currently shows reading/cat commands but does not repeat 'never run code' emphatically).
Install Mechanism
No install spec and no code files — instruction-only. This minimizes on-disk persistence and the attack surface. The use of curl/jq (declared) is proportionate and expected.
Credentials
No environment variables, credentials, or config paths are requested. The declared requirements (curl, jq) are directly used by the quick-vet commands in SKILL.md and are proportionate to the purpose.
Persistence & Privilege
always is false and the skill does not request persistent presence or elevated privileges. It does not modify other skills' configs or ask for system-level changes in its instructions.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openclaw-skill-vetter-1-0-0
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openclaw-skill-vetter-1-0-0 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial public release of skill-vetter: Easily vet skills for security risks before installation. - Implements a structured protocol to detect red flags (e.g., credential theft, data exfiltration, obfuscated code). - Provides clear risk classification: LOW, MEDIUM, HIGH, EXTREME. - Generates standardized vetting reports to support safe decision-making. - Includes a practical checklist for both automated and manual review. - Supplies vetting report templates and quick commands for ClawHub/GitHub skills. - Encourages thorough scrutiny of all untrusted or unknown skills before install.
元数据
Slug openclaw-skill-vetter-1-0-0
版本 1.0.0
许可证
累计安装 13
当前安装数 12
历史版本数 1
常见问题

Openclaw Skill Vetter 1.0.0 是什么?

Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 910 次。

如何安装 Openclaw Skill Vetter 1.0.0?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-skill-vetter-1-0-0」即可一键安装,无需额外配置。

Openclaw Skill Vetter 1.0.0 是免费的吗?

是的,Openclaw Skill Vetter 1.0.0 完全免费(开源免费),可自由下载、安装和使用。

Openclaw Skill Vetter 1.0.0 支持哪些平台?

Openclaw Skill Vetter 1.0.0 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux, darwin, win32)。

谁开发了 Openclaw Skill Vetter 1.0.0?

由 yiyi-9(@yiyi-9)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 留言讨论