← 返回 Skills 市场
vibesparkingai

Skill Vetter Guide

作者 VibeSparkingAI · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ✓ 安全检测通过
138
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install skill-vetter-guide
功能描述
Guide for vetting third-party OpenClaw skills before installation using the Skill Vetter security protocol. Use when installing any third-party skill, auditi...
安全使用建议
This guide is coherent and useful for its stated purpose, but take these precautions before using it: (1) verify the actual source repo before fetching or copying files (the registry entry lists 'unknown'); (2) when running audits, prefer read-only scans and keep a human-in-the-loop for any HIGH/EXTREME findings; (3) do not let automated prompts or an agent write AGENTS.md or install cron jobs without manual review — those are persistent changes that affect all agents; (4) when following the guide to vet a skill, pay extra attention to any skill that reads ~/.ssh, ~/.aws, openclaw config files, or performs outgoing network requests; (5) keep an audit trail of who authorized adding enforcement rules or scheduled tasks so changes can be reverted if needed.
能力评估
Purpose & Capability
The name/description (a guide to vet third-party skills) match the actual content: an instruction-only skill with no required binaries, env vars, or installs. All declared requirements (none) are proportionate to the stated purpose.
Instruction Scope
The SKILL.md correctly instructs reviewers to fetch and review every file in candidate skills and to write standardized reports. That scope is appropriate for a vetting tool, but the guide also recommends writing to local memory/audit files, editing AGENTS.md, and creating cron jobs to run periodic scans. Those are reasonable for enforcement, but they grant the vetting process broad read/write access to agent config and skills directories — ensure human oversight and read-only scanning where appropriate.
Install Mechanism
No install spec or code files are present; this is instruction-only, which minimizes installation risk. The SKILL.md references a canonical source (ClawHub/GitHub), but the registry entry's source is 'unknown' — verify the actual repository before fetching anything.
Credentials
The skill requests no environment variables, credentials, or special config paths. The red-flag checklist within the guide intentionally mentions sensitive locations (e.g., ~/.ssh, ~/.aws) as things to look for in other skills — it does not request access to them itself.
Persistence & Privilege
Although the skill is not set to always:true and does not autonomously require credentials, it explicitly recommends persistent enforcement steps (adding a rule to AGENTS.md; setting up a cron job every 4 hours). These changes would create persistent, system-level behavior that should be applied only with explicit human approval and careful review of the automation scripts.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install skill-vetter-guide
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /skill-vetter-guide 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Add full English versions; add zh-CN translations for all files
v1.0.0
- Initial release of skill-vetter-guide: a comprehensive protocol for securely vetting third-party OpenClaw skills before installation. - Introduces Mandatory Full Code Review SOP with clear risk grading and red-flag checklists. - Defines security roles and strict audit/report processes for periodic skill verification. - Provides ready-made prompt templates and AGENTS.md enforcement rules to mandate use across agents. - Includes detailed documentation on setup, vetting workflows, and multi-instance considerations.
元数据
Slug skill-vetter-guide
版本 1.1.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Skill Vetter Guide 是什么?

Guide for vetting third-party OpenClaw skills before installation using the Skill Vetter security protocol. Use when installing any third-party skill, auditi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 138 次。

如何安装 Skill Vetter Guide?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-vetter-guide」即可一键安装,无需额外配置。

Skill Vetter Guide 是免费的吗?

是的,Skill Vetter Guide 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Skill Vetter Guide 支持哪些平台?

Skill Vetter Guide 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Skill Vetter Guide?

由 VibeSparkingAI(@vibesparkingai)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论