💻

Skill Vetter

Security-first vetting protocol for AI agent skills — checks for red flags, permission scope, and suspicious patterns before you install anything.

spclaudehomev1.0.0
Coding Agents & IDEsCLIDeveloper Tool
Yhdistetään virtuaalikoneeseen...
Yhdistetään virtuaalikoneeseen...
npx clawhub@latest install skill-vetter
98Tähteä
19.1kLataukset
166Nykyiset asennukset
236Asennukset yhteensä
v1.0.0Versio
Feb 26, 2026Päivitetty
Näytä lähdekoodi(ClawHub)

Skill Vetter is a security-first vetting protocol that reviews AI agent skills before installation. It provides a structured checklist covering source verification, mandatory code review, permission scope analysis, and risk classification — ensuring you never install a compromised or overly-permissive skill.

Toimintaperiaate

The vetting process follows four steps: (1) Source Check to verify the author's reputation and the skill's download stats, (2) a mandatory Code Review that reads all files and flags red-flag patterns like credential access, obfuscated code, and external data exfiltration, (3) Permission Scope evaluation to ensure the skill requests only what it needs, and (4) Risk Classification that assigns a severity level from Low to Extreme with recommended actions.

Tärkeimmät ominaisuudet

Source Verification
Checks author reputation, download count, last update date, and community reviews
Red Flag Detection
Scans for credential theft, external data sends, obfuscated code, base64 decoding, eval/exec usage, and unauthorized file access
Permission Scope Analysis
Evaluates file, network, and command permissions against the skill's stated purpose
Risk Classification
Four-tier system (Low, Medium, High, Extreme) with clear action recommendations for each level
Trust Hierarchy
Adjusts scrutiny level based on source: official skills get less, unknown sources get maximum
Structured Report Output
Produces a standardized vetting report with metrics, red flags, permissions, risk level, and verdict

Vaatimukset

No API keys or external dependencies required
The skill operates as a vetting protocol for your AI agent. Optional GitHub API queries can be used to check repo stats for GitHub-hosted skills.

Käyttötapaukset

Pre-Installation Review
Vet any skill from ClawHub, GitHub, or other sources before installing
Team Security Policy
Establish a consistent security standard for skill installation across your organization
Skill Auditing
Review already-installed skills for potential security issues
Third-Party Evaluation
Evaluate skills shared by other agents or from unknown repositories

Asennusohjeet

1
Run in your terminal
npx clawhub@latest install skill-vetter
or
2
Click the Install button at the top of this page for one-click setup

Arvostelut

0 arvostelua

Kirjaudu sisään kirjoittaaksesi arvostelun

Ei arvosteluja vielä. Ole ensimmäinen jakamaan kokemuksesi!