← 返回 Skills 市场
250
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-security-vetter
功能描述
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
安全使用建议
This is a coherent, instruction-only vetter appropriate for pre-install checks. Before using it, ensure the agent executing these instructions is sandboxed so "read ALL files" is scoped to the skill package (not the whole filesystem). The vetting commands use public GitHub endpoints — avoid running them against private/restricted hosts unless you trust the network. Remember: the vetter reports red flags but does not itself verify semantics; for HIGH/EXTREME cases perform a manual human review and do not grant credentials or elevated rights to a skill based solely on this automated report.
功能分析
Type: OpenClaw Skill
Name: skill-security-vetter
Version: 1.0.0
The skill is a security-focused utility designed to help AI agents vet other skills before installation. It provides a structured protocol for identifying red flags such as data exfiltration, credential theft, and obfuscated code. The included shell commands in SKILL.md are limited to fetching repository metadata and file contents from the GitHub API for auditing purposes, aligning perfectly with its stated defensive purpose.
能力评估
Purpose & Capability
The skill's name/description (a skill vetter) matches the instructions: it mandates reviewing files, checking sources, and querying public GitHub endpoints. It does not request unrelated binaries, credentials, or system configuration, which is proportionate for a vetting tool.
Instruction Scope
Instructions explicitly require reading "ALL files in the skill" and running curl against GitHub APIs/raw.githubusercontent for GitHub-hosted skills. This is appropriate for a vetter, but it grants broad read access to the skill package and requires network access to GitHub. The SKILL.md also instructs checking for reads of sensitive paths (e.g., ~/.ssh, ~/.aws) which is sensible as a red flag. Ensure the agent's runtime scope is limited to the skill's files and public network endpoints when following these steps.
Install Mechanism
No install spec or code files are present (instruction-only). Nothing is written to disk by the skill itself — lowest-risk installation footprint.
Credentials
The skill declares no required environment variables, credentials, or config paths. The instructions do not instruct reading env vars or secret files (they explicitly list those as red flags). This is proportionate.
Persistence & Privilege
always is false and there is no installation or self-modifying behavior. The skill does not request persistent presence or elevated privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-security-vetter - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-security-vetter触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Skill Security Vetting 是什么?
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 250 次。
如何安装 Skill Security Vetting?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-security-vetter」即可一键安装,无需额外配置。
Skill Security Vetting 是免费的吗?
是的,Skill Security Vetting 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Skill Security Vetting 支持哪些平台?
Skill Security Vetting 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Security Vetting?
由 hsyhph(@hsyhph)开发并维护,当前版本 v1.0.0。
推荐 Skills