← 返回 Skills 市场
misscrx

Vivi Skill Vetter

作者 MissCrx · GitHub ↗ · v1.0.0
cross-platform ✓ 安全检测通过
434
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install vivi-skill-vetter
功能描述
Security-first skill vetting for AI agents. Use BEFORE installing any skill from ClawHub, GitHub, or other sources. Checks for red flags, dangerous patterns,...
安全使用建议
This skill looks coherent and appropriate for vetting other skills, but take these precautions before use: 1) Inspect scripts/vet_skill.py yourself (or review with someone you trust) — a vetter must be trusted. 2) Run scans on cloned repos in a sandbox or ephemeral container (not as root) to avoid accidental execution of malicious install scripts. 3) Remember the vetter detects patterns but is not perfect — manual review of flagged items is required and the absence of flags is not a guarantee. 4) Do not run installers (curl | bash, installers, or scripts found in the scanned repo) without manual inspection and verification. 5) If you plan to automate this vetter, pin a specific vetted version and monitor updates/changes to the vetter itself.
功能分析
Type: OpenClaw Skill Name: vivi-skill-vetter Version: 1.0.0 The skill bundle is a security utility designed to perform static analysis and vetting of other OpenClaw skills. The core logic in 'scripts/vet_skill.py' implements a regex-based scanner to detect dangerous patterns such as RCE, privilege escalation, and data exfiltration. While the script contains numerous high-risk strings (e.g., 'rm -rf /', 'curl | bash'), they are used exclusively as detection signatures and are not executed. The documentation in 'SKILL.md' and 'references/patterns.md' provides legitimate security guidance and a 'Three-Zone Security Boundary' framework to help the agent protect the user's environment.
能力评估
Purpose & Capability
Name/description match the implementation. The included script and pattern reference are a local static vetter for skill source code; there are no unrelated environment variables, binaries, or install steps requested. All declared files (SKILL.md, patterns.md, scripts/vet_skill.py) are consistent with a security vetter.
Instruction Scope
SKILL.md instructs the agent/user to fetch a skill (clawhub inspect or git clone) and run the provided python scanner against that skill directory. The instructions do not direct execution of the target skill or reading arbitrary host files; the vetter scans the skill directory for risky patterns. Because it asks the user to clone arbitrary repositories, run the scanner on untrusted content only in an isolated environment.
Install Mechanism
No install spec is present (instruction-only). The vetter does not download or write external code during install. This is the lowest-risk install model and appropriate for the stated purpose.
Credentials
The skill declares no required environment variables, credentials, or config paths. The vetter's pattern set includes detection for references to $HOME, ~/.ssh, .env, etc., but that is part of scanning logic (pattern strings) rather than requests for host secrets. Running the scanner does not require providing sensitive credentials.
Persistence & Privilege
The registry flags show no always:true and no special persistence. The skill does not request to modify other skills or system-wide agent settings. Autonomous invocation is allowed by default (disable-model-invocation:false) but that is normal — nothing in the skill's files indicates it abuses autonomous privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install vivi-skill-vetter
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /vivi-skill-vetter 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release with three-zone boundary detection for AI agent security
元数据
Slug vivi-skill-vetter
版本 1.0.0
许可证
累计安装 2
当前安装数 2
历史版本数 1
常见问题

Vivi Skill Vetter 是什么?

Security-first skill vetting for AI agents. Use BEFORE installing any skill from ClawHub, GitHub, or other sources. Checks for red flags, dangerous patterns,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 434 次。

如何安装 Vivi Skill Vetter?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install vivi-skill-vetter」即可一键安装,无需额外配置。

Vivi Skill Vetter 是免费的吗?

是的,Vivi Skill Vetter 完全免费(开源免费),可自由下载、安装和使用。

Vivi Skill Vetter 支持哪些平台?

Vivi Skill Vetter 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Vivi Skill Vetter?

由 MissCrx(@misscrx)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 留言讨论