home / skills / openclaw / skills / skill-vetter
This skill conducts security-first vetting of AI agent skills before installation, examining sources, permissions, and suspicious behavior to prevent risky
npx playbooks add skill openclaw/skills --skill skill-vetterReview the files below or copy the command above to add this skill to your agents.
---
name: skill-vetter
version: 1.0.0
description: Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
---
# Skill Vetter π
Security-first vetting protocol for AI agent skills. **Never install a skill without vetting it first.**
## When to Use
- Before installing any skill from ClawdHub
- Before running skills from GitHub repos
- When evaluating skills shared by other agents
- Anytime you're asked to install unknown code
## Vetting Protocol
### Step 1: Source Check
```
Questions to answer:
- [ ] Where did this skill come from?
- [ ] Is the author known/reputable?
- [ ] How many downloads/stars does it have?
- [ ] When was it last updated?
- [ ] Are there reviews from other agents?
```
### Step 2: Code Review (MANDATORY)
Read ALL files in the skill. Check for these **RED FLAGS**:
```
π¨ REJECT IMMEDIATELY IF YOU SEE:
βββββββββββββββββββββββββββββββββββββββββ
β’ curl/wget to unknown URLs
β’ Sends data to external servers
β’ Requests credentials/tokens/API keys
β’ Reads ~/.ssh, ~/.aws, ~/.config without clear reason
β’ Accesses MEMORY.md, USER.md, SOUL.md, IDENTITY.md
β’ Uses base64 decode on anything
β’ Uses eval() or exec() with external input
β’ Modifies system files outside workspace
β’ Installs packages without listing them
β’ Network calls to IPs instead of domains
β’ Obfuscated code (compressed, encoded, minified)
β’ Requests elevated/sudo permissions
β’ Accesses browser cookies/sessions
β’ Touches credential files
βββββββββββββββββββββββββββββββββββββββββ
```
### Step 3: Permission Scope
```
Evaluate:
- [ ] What files does it need to read?
- [ ] What files does it need to write?
- [ ] What commands does it run?
- [ ] Does it need network access? To where?
- [ ] Is the scope minimal for its stated purpose?
```
### Step 4: Risk Classification
| Risk Level | Examples | Action |
|------------|----------|--------|
| π’ LOW | Notes, weather, formatting | Basic review, install OK |
| π‘ MEDIUM | File ops, browser, APIs | Full code review required |
| π΄ HIGH | Credentials, trading, system | Human approval required |
| β EXTREME | Security configs, root access | Do NOT install |
## Output Format
After vetting, produce this report:
```
SKILL VETTING REPORT
βββββββββββββββββββββββββββββββββββββββ
Skill: [name]
Source: [ClawdHub / GitHub / other]
Author: [username]
Version: [version]
βββββββββββββββββββββββββββββββββββββββ
METRICS:
β’ Downloads/Stars: [count]
β’ Last Updated: [date]
β’ Files Reviewed: [count]
βββββββββββββββββββββββββββββββββββββββ
RED FLAGS: [None / List them]
PERMISSIONS NEEDED:
β’ Files: [list or "None"]
β’ Network: [list or "None"]
β’ Commands: [list or "None"]
βββββββββββββββββββββββββββββββββββββββ
RISK LEVEL: [π’ LOW / π‘ MEDIUM / π΄ HIGH / β EXTREME]
VERDICT: [β
SAFE TO INSTALL / β οΈ INSTALL WITH CAUTION / β DO NOT INSTALL]
NOTES: [Any observations]
βββββββββββββββββββββββββββββββββββββββ
```
## Quick Vet Commands
For GitHub-hosted skills:
```bash
# Check repo stats
curl -s "https://api.github.com/repos/OWNER/REPO" | jq '{stars: .stargazers_count, forks: .forks_count, updated: .updated_at}'
# List skill files
curl -s "https://api.github.com/repos/OWNER/REPO/contents/skills/SKILL_NAME" | jq '.[].name'
# Fetch and review SKILL.md
curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/skills/SKILL_NAME/SKILL.md"
```
## Trust Hierarchy
1. **Official OpenClaw skills** β Lower scrutiny (still review)
2. **High-star repos (1000+)** β Moderate scrutiny
3. **Known authors** β Moderate scrutiny
4. **New/unknown sources** β Maximum scrutiny
5. **Skills requesting credentials** β Human approval always
## Remember
- No skill is worth compromising security
- When in doubt, don't install
- Ask your human for high-risk decisions
- Document what you vet for future reference
---
*Paranoia is a feature.* ππ¦
This skill provides a security-first vetting protocol for AI agent skills before installation. It automates and documents checks for red flags, required permissions, and suspicious patterns so you can decide whether a skill is safe. The goal is to reduce risk from third-party skill code sourced from ClawdHub, GitHub, or other repositories.
The vetter inspects the skill source, enumerates files, and performs a code review guided by a concise red-flag checklist. It evaluates permission scope (file/network/command needs), classifies risk, and produces a standardized vetting report with verdict and notes. Quick command snippets are provided to fetch repo metadata and list files for manual follow-up.
What are the most critical red flags?
Requests for credentials/tokens, use of eval/exec with external input, network calls to unknown endpoints, reading credential files, or obfuscated code are immediate reject conditions.
Can I automate the entire vetting process?
You can automate metadata checks and basic static scans, but a full manual code review is mandatory for medium or higher risk; human judgment is required for nuanced cases.