← 返回 Skills 市场
bingze00000

Skill Vetter Jarvis

作者 bingze00000 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ 安全检测通过
110
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-vetter-jarvis
功能描述
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
安全使用建议
This skill is an instruction-only vet checklist and appears coherent with its stated purpose. Before using it: 1) Ensure your agent environment has curl and jq if you want to run the example quick-commands (SKILL.md does not declare required binaries). 2) When following its advice, ensure the agent reads only the skill bundle files (not arbitrary home directories) — vetting should not grant the agent blanket access to your ~/.ssh, ~/.aws, or other sensitive paths. 3) The _meta.json version (1.0.1) differs from the SKILL.md header (1.0.0); this is minor but you may want to confirm the canonical version. 4) Do not let automated vetting be the sole decision-maker for high-risk skills — follow its checklist and require human review for medium/high/extreme findings.
功能分析
Type: OpenClaw Skill Name: skill-vetter-jarvis Version: 1.0.0 The skill-vetter-jarvis bundle is a defensive tool designed to provide a security vetting protocol for AI agents. It contains instructions (SKILL.md) that guide the agent to identify red flags such as data exfiltration, unauthorized credential access, and obfuscated code in other skills. The provided shell commands are limited to standard GitHub API calls for repository inspection, and the overall intent is clearly aligned with improving the security posture of the agent environment.
能力评估
Purpose & Capability
Name and description match the content of SKILL.md: a checklist and commands for vetting other skills. No unrelated environment vars, binaries, or installs are requested.
Instruction Scope
SKILL.md stays on-topic: it instructs reviewing skill files, checking for obvious red flags, and gives GitHub API curl examples. It does not direct reading system files or exfiltrating data beyond the expected GitHub queries. The directive to "Read ALL files in the skill" is appropriate for a vetting tool (it targets the skill bundle, not arbitrary system files).
Install Mechanism
No install spec and no code files — the skill is instruction-only, which minimizes risk. Nothing is downloaded or executed by the skill itself.
Credentials
No required environment variables, credentials, or config paths are declared. The vetting instructions specifically mark credential requests and access to ~/.ssh, ~/.aws, etc., as red flags.
Persistence & Privilege
Flags use default (always:false) and model invocation is allowed (normal). There is no request for permanent presence or changes to other skills' configs. Note: because disable-model-invocation is false, an agent could invoke this skill autonomously — appropriate for a vetting helper but worth noting.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install skill-vetter-jarvis
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /skill-vetter-jarvis 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of skill-vetter-jarvis. - Provides a security-first vetting protocol for AI agent skills before installation. - Includes detailed checklists for source verification, code review, permission scope, and risk classification. - Defines red flags to immediately reject, permission evaluation steps, and risk levels from LOW to EXTREME. - Supplies a clear output format for vetting reports. - Offers quick vetting commands and a trust hierarchy to guide review rigor. - Emphasizes documenting and cautious installation, prioritizing security.
元数据
Slug skill-vetter-jarvis
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Skill Vetter Jarvis 是什么?

Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 110 次。

如何安装 Skill Vetter Jarvis?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-vetter-jarvis」即可一键安装,无需额外配置。

Skill Vetter Jarvis 是免费的吗?

是的,Skill Vetter Jarvis 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Skill Vetter Jarvis 支持哪些平台?

Skill Vetter Jarvis 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Skill Vetter Jarvis?

由 bingze00000(@bingze00000)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论