💻

Skill Vetter

Security-first vetting protocol for AI agent skills — checks for red flags, permission scope, and suspicious patterns before you install anything.

spclaudehomev1.0.0
Coding Agents & IDEsCLIDeveloper Tool
Conectando a la VM...
Conectando a la VM...
npx clawhub@latest install skill-vetter
98Estrellas
19.1kDescargas
169Instalaciones actuales
236Instalaciones totales
v1.0.0Versión
Feb 26, 2026Actualizado
Ver código fuente(ClawHub)

Skill Vetter is a security-first vetting protocol that reviews AI agent skills before installation. It provides a structured checklist covering source verification, mandatory code review, permission scope analysis, and risk classification — ensuring you never install a compromised or overly-permissive skill.

Cómo funciona

The vetting process follows four steps: (1) Source Check to verify the author's reputation and the skill's download stats, (2) a mandatory Code Review that reads all files and flags red-flag patterns like credential access, obfuscated code, and external data exfiltration, (3) Permission Scope evaluation to ensure the skill requests only what it needs, and (4) Risk Classification that assigns a severity level from Low to Extreme with recommended actions.

Características principales

Source Verification
Checks author reputation, download count, last update date, and community reviews
Red Flag Detection
Scans for credential theft, external data sends, obfuscated code, base64 decoding, eval/exec usage, and unauthorized file access
Permission Scope Analysis
Evaluates file, network, and command permissions against the skill's stated purpose
Risk Classification
Four-tier system (Low, Medium, High, Extreme) with clear action recommendations for each level
Trust Hierarchy
Adjusts scrutiny level based on source: official skills get less, unknown sources get maximum
Structured Report Output
Produces a standardized vetting report with metrics, red flags, permissions, risk level, and verdict

Requisitos

No API keys or external dependencies required
The skill operates as a vetting protocol for your AI agent. Optional GitHub API queries can be used to check repo stats for GitHub-hosted skills.

Casos de uso

Pre-Installation Review
Vet any skill from ClawHub, GitHub, or other sources before installing
Team Security Policy
Establish a consistent security standard for skill installation across your organization
Skill Auditing
Review already-installed skills for potential security issues
Third-Party Evaluation
Evaluate skills shared by other agents or from unknown repositories

Cómo instalar

1
Run in your terminal
npx clawhub@latest install skill-vetter
or
2
Click the Install button at the top of this page for one-click setup

Reseñas

0 reseñas

Inicia sesión para escribir una reseña

Aún no hay reseñas. ¡Sé el primero en compartir tu experiencia!