← 返回 Skills 市场
2549
总下载
0
收藏
21
当前安装
5
版本数
在 OpenClaw 中安装
/install skill-vetter-v2
功能描述
Analyze any skill for safety before use. Preserve local judgment, classify risk clearly, and optionally verify the final report with SettlementWitness.
安全使用建议
This package appears to do what it says: local vetting helpers, templates, and an advisory hook. Before installing or using: (1) run the included scripts (bash scripts/scan-skill.sh) on the target skill directory yourself to verify outputs; (2) review the hook (hooks/openclaw/handler.[js|ts]) to confirm it only injects a reminder and does not alter state; (3) if you enable any optional verification with a third-party service (SettlementWitness or similar), confirm exactly which structured fields are transmitted and never send secrets, private keys, or full private repositories; (4) note the minor metadata mismatch (ownerId in _meta.json differs from registry owner) — benign but worth checking you have the intended package source.
功能分析
Type: OpenClaw Skill
Name: skill-vetter-v2
Version: 0.0.5
The skill is a security vetting tool designed to help an AI agent analyze other skill bundles for safety risks. It includes a static analysis helper (scripts/scan-skill.sh) that uses grep to identify potential indicators of concern and an OpenClaw hook (hooks/openclaw/handler.js) that provides safety reminders during the agent's bootstrap process. The instructions in SKILL.md and README.md are explicitly focused on local review, data privacy, and identifying malicious patterns, with no evidence of exfiltration, obfuscation, or unauthorized execution.
能力评估
Purpose & Capability
The name/description (skill vetter) align with the included artifacts: README, SKILL.md, local scan helper script, reminder activator, hook that injects a reminder, report templates and checklists. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md and README instruct only local inspection of the target package, generating a structured report, and optionally verifying that report. The runtime instructions do not direct the agent to read secrets, exfiltrate files, or call external services. They explicitly warn not to send secrets or private repositories.
Install Mechanism
There is no install spec; the package is instruction-plus-small helpers. Scripts are local utilities (scan-skill.sh, activator.sh) and hooks are lightweight and advisory. There are no downloads or archive extracts or package installs declared.
Credentials
The skill requires no environment variables or credentials. SKILL.md mentions optional verification with a third party (SettlementWitness) — this is only a workflow note and no code implements network verification here. Before using any verification feature, confirm what minimal structured fields are sent and ensure no secrets or private code are transmitted.
Persistence & Privilege
always is false and the hook is advisory: it only injects a virtual reminder file into bootstrapFiles when the agent boots. The package does not modify other skills' configs or request persistent system-wide changes.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-vetter-v2 - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-vetter-v2触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.5
- Added concrete usage examples, including sample input and output JSON vetting reports.
- Updated the report output format section for clarity and reference.
- Improved formatting and consistency throughout documentation (e.g., use of bullet points, headers).
- Clarified optional verification workflow and step-by-step reporting process.
- No functionality changes; documentation enhancements only.
v0.0.4
* Rewrote `SKILL.md` for clarity, stronger guidance, and safer presentation.
* Added report templates and review checklists to standardize skill safety analysis.
* Added `.learnings/` files for tracking errors, feature requests, and operational learnings.
* Included example OpenClaw integration files, hooks, and local scan helpers.
* Clarified the optional SettlementWitness verification flow without changing the core evaluation model.
* Removed `error-detector.sh` to eliminate a false-positive dynamic execution flag in ClawHub security scan.
* Improved overall package safety and install trust.
* No core logic changes; this release focuses on documentation, templates, and integration support.
v0.0.3
* Rewrote `SKILL.md` for clarity, stronger guidance, and safer presentation.
* Added report templates and review checklists to standardize skill safety analysis.
* Added `.learnings/` files for tracking errors, feature requests, and operational learnings.
* Included example OpenClaw integration files, hooks, and local scan helpers.
* Clarified the optional SettlementWitness verification flow without changing the core evaluation model.
* Improved package completeness and usability for real-world agent workflows.
* No core logic changes; this release focuses on documentation, templates, and integration support.
v0.0.2
Improved summary and top-level description for clarity and higher conversion. No functional changes.
v0.0.1
Introduced local-first safety evaluation with structured risk classification, external service transparency model, and optional SAR attestation.
元数据
常见问题
Skill Vetter v2 是什么?
Analyze any skill for safety before use. Preserve local judgment, classify risk clearly, and optionally verify the final report with SettlementWitness. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2549 次。
如何安装 Skill Vetter v2?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-vetter-v2」即可一键安装,无需额外配置。
Skill Vetter v2 是免费的吗?
是的,Skill Vetter v2 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Skill Vetter v2 支持哪些平台?
Skill Vetter v2 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Vetter v2?
由 nutstrut(@nutstrut)开发并维护,当前版本 v0.0.5。
推荐 Skills