💻

Skill Vetter

Security-first vetting protocol for AI agent skills — checks for red flags, permission scope, and suspicious patterns before you install anything.

spclaudehomev1.0.0
Coding Agents & IDEsCLIDeveloper Tool
Verbindung zu VM wird hergestellt...
Verbindung zu VM wird hergestellt...
npx clawhub@latest install skill-vetter
98Sterne
19.1kDownloads
169Aktuelle Installationen
236Gesamte Installationen
v1.0.0Version
Feb 26, 2026Aktualisiert
Quellcode ansehen(ClawHub)

Skill Vetter is a security-first vetting protocol that reviews AI agent skills before installation. It provides a structured checklist covering source verification, mandatory code review, permission scope analysis, and risk classification — ensuring you never install a compromised or overly-permissive skill.

Funktionsweise

The vetting process follows four steps: (1) Source Check to verify the author's reputation and the skill's download stats, (2) a mandatory Code Review that reads all files and flags red-flag patterns like credential access, obfuscated code, and external data exfiltration, (3) Permission Scope evaluation to ensure the skill requests only what it needs, and (4) Risk Classification that assigns a severity level from Low to Extreme with recommended actions.

Hauptfunktionen

Source Verification
Checks author reputation, download count, last update date, and community reviews
Red Flag Detection
Scans for credential theft, external data sends, obfuscated code, base64 decoding, eval/exec usage, and unauthorized file access
Permission Scope Analysis
Evaluates file, network, and command permissions against the skill's stated purpose
Risk Classification
Four-tier system (Low, Medium, High, Extreme) with clear action recommendations for each level
Trust Hierarchy
Adjusts scrutiny level based on source: official skills get less, unknown sources get maximum
Structured Report Output
Produces a standardized vetting report with metrics, red flags, permissions, risk level, and verdict

Voraussetzungen

No API keys or external dependencies required
The skill operates as a vetting protocol for your AI agent. Optional GitHub API queries can be used to check repo stats for GitHub-hosted skills.

Anwendungsfälle

Pre-Installation Review
Vet any skill from ClawHub, GitHub, or other sources before installing
Team Security Policy
Establish a consistent security standard for skill installation across your organization
Skill Auditing
Review already-installed skills for potential security issues
Third-Party Evaluation
Evaluate skills shared by other agents or from unknown repositories

Installation

1
Run in your terminal
npx clawhub@latest install skill-vetter
or
2
Click the Install button at the top of this page for one-click setup

Bewertungen

0 Bewertungen

Anmelden, um eine Bewertung zu schreiben

Noch keine Bewertungen. Sei der Erste, der seine Erfahrungen teilt!