← 返回 Skills 市场
133
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-vetter-optimized
功能描述
🔒 优化版技能审查器 - 安全优先的AI代理技能审查工具。在从ClawHub、GitHub或其他来源安装任何技能前使用。检查红标、权限范围和可疑模式。包含实用工具和系统化审查清单。基于原始skill-vetter优化,添加了Python检查脚本和详细审查流程。
安全使用建议
This skill appears to be what it says: a vetting tool with a small Python helper that scans a target skill directory for risky patterns. Before using: (1) run the script on a copy or in a sandbox when testing unknown skills, (2) remember the script only detects patterns (possible false positives/negatives) — perform manual code review for anything flagged, and (3) do not run it in a context where it would be given access to secret folders (~/.ssh, ~/.aws) unless you intentionally want to scan those paths. If you plan to invoke the example curl commands, review them first and avoid piping remote scripts into a shell.
功能分析
Type: OpenClaw Skill
Name: skill-vetter-optimized
Version: 2.0.0
The bundle is a security auditing tool designed to help AI agents vet other skills before installation. It includes a Python static analysis script (scripts/skill_checker.py) that scans for risky patterns like eval(), sudo, and shell pipes, along with a comprehensive security protocol in SKILL.md and references/checklist.md. The code and instructions are strictly defensive, aligned with the stated purpose, and contain no evidence of malicious intent or data exfiltration.
能力评估
Purpose & Capability
Name/description (a skill-vetting utility) match the included assets: SKILL.md, a checklist, and a Python inspection script. Nothing in the bundle requests unrelated credentials, binaries, or config paths.
Instruction Scope
SKILL.md directs the agent/user to run the included Python script against skill directories and provides example GitHub curl commands. The script only reads files under the supplied target path and searches for risky patterns — this is appropriate for a vetter. Note: the examples include network curl usage (for user-driven repo queries) and the script flags many patterns (e.g., requests.get, subprocess.run) which can produce false positives for benign code.
Install Mechanism
No install spec; the skill is instruction-only with a small helper script included. Nothing is downloaded or written to disk at install time beyond the normal skill files.
Credentials
No required environment variables, credentials, or special config paths are declared or used. The script operates on a provided filesystem path only, which is proportional to the stated purpose.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent system privileges, modify other skills, or require elevation. Autonomous invocation is allowed by default but not combined with other red flags.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-vetter-optimized - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-vetter-optimized触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
优化版本:添加Python检查脚本、系统化审查清单、完善文档、清理代码结构
元数据
常见问题
Skill Vetter Optimized 是什么?
🔒 优化版技能审查器 - 安全优先的AI代理技能审查工具。在从ClawHub、GitHub或其他来源安装任何技能前使用。检查红标、权限范围和可疑模式。包含实用工具和系统化审查清单。基于原始skill-vetter优化,添加了Python检查脚本和详细审查流程。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 133 次。
如何安装 Skill Vetter Optimized?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-vetter-optimized」即可一键安装,无需额外配置。
Skill Vetter Optimized 是免费的吗?
是的,Skill Vetter Optimized 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Skill Vetter Optimized 支持哪些平台?
Skill Vetter Optimized 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Vetter Optimized?
由 kvs-GoN(@confidentkai)开发并维护,当前版本 v2.0.0。
推荐 Skills