
Skill Vetter

Author: asterisk622 · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 2518
Favorites: 1
Current installs: 10
Versions: 3
Install in OpenClaw
/install xiaoding-skill-vetter
Description
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Security usage advice
This is primarily a human-readable checklist (instruction-only) and is internally coherent for the stated purpose. Before installing or trusting it:
  1. Verify the skill's provenance: the registry metadata and the included _meta.json/SKILL.md disagree on owner and version, and no homepage/repo is listed. That could be a simple packaging mistake but treat it cautiously.
  2. Remember this skill only provides vetting guidance; it does not itself perform code analysis or run tools. If you allow an agent to run this skill autonomously, the agent will be instructed to read all files of the target skill, so ensure you only permit that on skills you intend to inspect.
  3. Prefer vetters with a verifiable repository or homepage and matching metadata. If unsure, run the checklist manually (or ask a human) rather than granting the agent broad autonomous permissions.
Functional analysis
Type: OpenClaw Skill
Name: xiaoding-skill-vetter
Version: 1.0.3
The skill-vetter bundle is a security-focused tool designed to guide an AI agent through a vetting process for other skills. It provides a structured protocol for identifying red flags (such as credential theft or unauthorized network calls) and includes standard bash commands in SKILL.md for inspecting GitHub repository metadata and file contents. No malicious logic, obfuscation, or exfiltration attempts were found.
Capability assessment
Purpose & Capability
The skill's name and description match its contents: an instruction-only vetting checklist. It requires no binaries, env vars, or installs. However, the package metadata contains inconsistencies: registry metadata lists ownerId 'kn799bx...' and version 1.0.3, while the included _meta.json and SKILL.md declare ownerId 'kn71j6...' and version 1.0.0. The lack of a homepage/source in the registry entry is also notable.
Instruction Scope
SKILL.md contains a scoped, explicit vetting protocol (source check, full code review, permission scope, risk classification) and example curl commands for GitHub. It explicitly instructs the agent to read all files of the skill being vetted — appropriate for a vetter. It does not instruct exfiltration, secret access, or writing to external endpoints beyond benign GitHub API/raw URLs used for repository inspection.
Install Mechanism
No install specification and no code files are present. Instruction-only skills are lowest risk because they don't write code to disk or execute installers.
Credentials
The skill requires no environment variables, credentials, or config paths. The instructions ask the agent to inspect files and repo metadata only; this is proportional to a vetting checklist.
Persistence & Privilege
The skill does not request always:true and defaults permit model invocation (normal). There is nothing in the SKILL.md that attempts to modify other skills or system-wide settings.
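How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install xiaoding-skill-vetter
  3. Once installation completes, call the Skill by name or trigger it with /xiaoding-skill-vetter
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history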
v1.0.3
No changes detected in this version.
- No file changes were made between versions 1.0.0 and 1.0.3.
- The SKILL.md remains unchanged.
- No new features, fixes, or enhancements included.
v1.0.2
Version 1.0.2 of xiaoding-skill-vetter
- No file changes detected in this release.
- No updates to documentation or code since the previous version.
v1.0.1
- Initial release of Skill Vetter: a security-first protocol for vetting AI agent skills before installation.
- Provides a detailed, step-by-step vetting guide including source checks, code review for red flags, permission scope assessment, and risk classification.
- Outlines clear output reporting format for documenting skill reviews.
- Includes quick vetting commands for GitHub-hosted skills.
- Establishes a trust hierarchy for different sources and emphasizes human approval for high-risk skills.
Metadata
Slug: xiaoding-skill-vetter
Version: 1.0.3
License: MIT-0
Total installs: 10
Current installs: 10
Historical versions: 3
FAQ

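What is Skill Vetter?

Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 2518 total downloads to date.

How do I install Skill Vetter?

Run the command "/install xiaoding-skill-vetter" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.

Is Skill Vetter free?

Yes, Skill Vetter is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Skill Vetter support?

Skill Vetter runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Skill Vetter?

It is developed and maintained by asterisk622 (@asterisk622); the current version is v1.0.3.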
