home / skills / aaaaqwq / agi-super-skills / skill-vetter
/skills/misc/skill-vetter
This skill helps you securely vet AI agent skills before installation by checking sources, permissions, and risks across ClawdHub, GitHub, and more.
npx playbooks add skill aaaaqwq/agi-super-skills --skill skill-vetterReview the files below or copy the command above to add this skill to your agents.
---
name: skill-vetter
version: 1.0.0
description: Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
---
# Skill Vetter š
Security-first vetting protocol for AI agent skills. **Never install a skill without vetting it first.**
## When to Use
- Before installing any skill from ClawdHub
- Before running skills from GitHub repos
- When evaluating skills shared by other agents
- Anytime you're asked to install unknown code
## Vetting Protocol
### Step 1: Source Check
```
Questions to answer:
- [ ] Where did this skill come from?
- [ ] Is the author known/reputable?
- [ ] How many downloads/stars does it have?
- [ ] When was it last updated?
- [ ] Are there reviews from other agents?
```
### Step 2: Code Review (MANDATORY)
Read ALL files in the skill. Check for these **RED FLAGS**:
```
šØ REJECT IMMEDIATELY IF YOU SEE:
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā¢ curl/wget to unknown URLs
ā¢ Sends data to external servers
ā¢ Requests credentials/tokens/API keys
ā¢ Reads ~/.ssh, ~/.aws, ~/.config without clear reason
ā¢ Accesses MEMORY.md, USER.md, SOUL.md, IDENTITY.md
ā¢ Uses base64 decode on anything
ā¢ Uses eval() or exec() with external input
ā¢ Modifies system files outside workspace
ā¢ Installs packages without listing them
ā¢ Network calls to IPs instead of domains
ā¢ Obfuscated code (compressed, encoded, minified)
ā¢ Requests elevated/sudo permissions
ā¢ Accesses browser cookies/sessions
ā¢ Touches credential files
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
```
### Step 3: Permission Scope
```
Evaluate:
- [ ] What files does it need to read?
- [ ] What files does it need to write?
- [ ] What commands does it run?
- [ ] Does it need network access? To where?
- [ ] Is the scope minimal for its stated purpose?
```
### Step 4: Risk Classification
| Risk Level | Examples | Action |
|------------|----------|--------|
| š¢ LOW | Notes, weather, formatting | Basic review, install OK |
| š” MEDIUM | File ops, browser, APIs | Full code review required |
| š“ HIGH | Credentials, trading, system | Human approval required |
| ā EXTREME | Security configs, root access | Do NOT install |
## Output Format
After vetting, produce this report:
```
SKILL VETTING REPORT
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
Skill: [name]
Source: [ClawdHub / GitHub / other]
Author: [username]
Version: [version]
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
METRICS:
ā¢ Downloads/Stars: [count]
ā¢ Last Updated: [date]
ā¢ Files Reviewed: [count]
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
RED FLAGS: [None / List them]
PERMISSIONS NEEDED:
ā¢ Files: [list or "None"]
ā¢ Network: [list or "None"]
ā¢ Commands: [list or "None"]
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
RISK LEVEL: [š¢ LOW / š” MEDIUM / š“ HIGH / ā EXTREME]
VERDICT: [ā
SAFE TO INSTALL / ā ļø INSTALL WITH CAUTION / ā DO NOT INSTALL]
NOTES: [Any observations]
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
```
## Quick Vet Commands
For GitHub-hosted skills:
```bash
# Check repo stats
curl -s "https://api.github.com/repos/OWNER/REPO" | jq '{stars: .stargazers_count, forks: .forks_count, updated: .updated_at}'
# List skill files
curl -s "https://api.github.com/repos/OWNER/REPO/contents/skills/SKILL_NAME" | jq '.[].name'
# Fetch and review SKILL.md
curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/skills/SKILL_NAME/SKILL.md"
```
## Trust Hierarchy
1. **Official OpenClaw skills** ā Lower scrutiny (still review)
2. **High-star repos (1000+)** ā Moderate scrutiny
3. **Known authors** ā Moderate scrutiny
4. **New/unknown sources** ā Maximum scrutiny
5. **Skills requesting credentials** ā Human approval always
## Remember
- No skill is worth compromising security
- When in doubt, don't install
- Ask your human for high-risk decisions
- Document what you vet for future reference
---
*Paranoia is a feature.* šš¦
This skill provides a security-first vetting protocol for AI agent skills to run before installing anything from public or third-party sources. It flags risky patterns, evaluates permission scope, and classifies risk to produce a clear install verdict. Use it to reduce supply-chain and runtime risks when adding new capabilities to an agent environment.
The skill inspects source metadata, repository statistics, and every file in the skill package to identify red flags such as exfiltration, credential access, obfuscated code, and unsafe execution patterns. It evaluates required file and network permissions, enumerates commands the skill would run, and assigns a risk level with a recommended action. Finally, it formats a concise vetting report summarizing findings and a clear install verdict.
What immediate signs indicate an automatic reject?
Automatic rejects include network exfiltration to unknown servers, requests for credentials, reading private config/credential files, use of eval/exec on external input, obfuscated code, and requests for root/sudo access.
How is risk classified?
Risk is categorized from low to extreme based on operations: low for benign tasks, medium for file or browser ops, high for credential-sensitive or system-affecting actions, and extreme for root or security-config changes. Human approval is required for high and extreme levels.
What output should I expect?
A concise vetting report listing source, author metadata, files reviewed, red flags, permissions needed, risk level, a clear verdict, and short notes explaining observations and recommended next steps.