← 返回 Skills 市场
462
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-vet
功能描述
在安装或运行 skill 前进行安全扫描,检查恶意代码、可疑命令和网络请求等潜在威胁。
安全使用建议
This skill appears to implement a local static scanner and does not exfiltrate data or call external endpoints, but there are practical inconsistencies to resolve before use:
- Runtime: vetting.cjs is a Node script. Ensure the agent/runtime has Node available and clarify how to invoke it (the SKILL.md uses the 'skill-vet' CLI name but no install/installation steps are provided).
- Scope of scans: The tool reads files under whatever path you give it. Do not run it pointed at directories containing secrets you don't want read, unless you trust the environment.
- False positives: Many flagged patterns (Buffer.from, fs.writeFile, console.log, process.env access) can be benign; review findings manually.
- Minor bug: the script references colors.gray which is undefined — this is cosmetic but indicates the code wasn't thoroughly tested.
If you plan to install or run this skill, ask the publisher for explicit installation instructions (how to install the 'skill-vet' CLI or how OpenClaw will invoke vetting.cjs) and confirm that Node will be available. Otherwise the code itself looks coherent with its stated purpose and not malicious.
功能分析
Type: OpenClaw Skill
Name: skill-vet
Version: 1.0.0
The skill is a security utility designed to perform static analysis on other skill bundles to identify high-risk patterns such as dynamic code execution, shell injection, and sensitive environment variable access. The implementation in `vetting.cjs` is transparent, uses only built-in Node.js modules (fs, path), and contains no evidence of data exfiltration, malicious execution, or prompt injection.
能力评估
Purpose & Capability
The name/description (a security scanner) align with the included vetting.cjs scanner: it searches files for risky patterns and reports findings. However, the package declares no required binaries or install spec while providing a Node.js CLI script (vetting.cjs). Running this script requires Node on the agent/runtime and a way to invoke it as 'skill-vet' — neither is declared or documented in the SKILL.md, so the runtime expectations are unclear.
Instruction Scope
SKILL.md describes only scanning skill directories and generating reports; the tool's code implements that behavior and does not attempt to read or transmit data off-host. It walks the target path, reads files, and reports regex matches. One note: the README/commands assume a 'skill-vet' executable, but no install instructions are provided.
Install Mechanism
There is no install spec. The skill includes a Node .cjs CLI (shebang present) but does not declare Node as a required binary nor provide steps to install the CLI or place it on PATH. This mismatch makes it unclear how the tool is intended to be executed in the target environment.
Credentials
The skill requests no environment variables, credentials, or config paths. The code scans for patterns like process.env.* in target files (i.e., it detects code that accesses env vars) but does not access the runtime environment's secrets itself.
Persistence & Privilege
always is false and the code does not persist configuration, modify other skills, or request elevated privileges. The tool only reads files in the target path and exits with non-zero when high-risk findings exist.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-vet - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-vet触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Skill Vet 是什么?
在安装或运行 skill 前进行安全扫描,检查恶意代码、可疑命令和网络请求等潜在威胁。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 462 次。
如何安装 Skill Vet?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-vet」即可一键安装,无需额外配置。
Skill Vet 是免费的吗?
是的,Skill Vet 完全免费(开源免费),可自由下载、安装和使用。
Skill Vet 支持哪些平台?
Skill Vet 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Vet?
由 luwinher(@luwinher)开发并维护,当前版本 v1.0.0。
推荐 Skills