💻

Skill Vetter

Security-first vetting protocol for AI agent skills — checks for red flags, permission scope, and suspicious patterns before you install anything.

spclaudehomev1.0.0
Coding Agents & IDEsCLIDeveloper Tool
VM에 연결 중...
VM에 연결 중...
npx clawhub@latest install skill-vetter
98별점
19.1k다운로드
169현재 설치 수
236누적 설치 수
v1.0.0버전
Feb 26, 2026업데이트
소스 보기(ClawHub)

Skill Vetter is a security-first vetting protocol that reviews AI agent skills before installation. It provides a structured checklist covering source verification, mandatory code review, permission scope analysis, and risk classification — ensuring you never install a compromised or overly-permissive skill.

작동 원리

The vetting process follows four steps: (1) Source Check to verify the author's reputation and the skill's download stats, (2) a mandatory Code Review that reads all files and flags red-flag patterns like credential access, obfuscated code, and external data exfiltration, (3) Permission Scope evaluation to ensure the skill requests only what it needs, and (4) Risk Classification that assigns a severity level from Low to Extreme with recommended actions.

주요 기능

Source Verification
Checks author reputation, download count, last update date, and community reviews
Red Flag Detection
Scans for credential theft, external data sends, obfuscated code, base64 decoding, eval/exec usage, and unauthorized file access
Permission Scope Analysis
Evaluates file, network, and command permissions against the skill's stated purpose
Risk Classification
Four-tier system (Low, Medium, High, Extreme) with clear action recommendations for each level
Trust Hierarchy
Adjusts scrutiny level based on source: official skills get less, unknown sources get maximum
Structured Report Output
Produces a standardized vetting report with metrics, red flags, permissions, risk level, and verdict

요구 사항

No API keys or external dependencies required
The skill operates as a vetting protocol for your AI agent. Optional GitHub API queries can be used to check repo stats for GitHub-hosted skills.

활용 사례

Pre-Installation Review
Vet any skill from ClawHub, GitHub, or other sources before installing
Team Security Policy
Establish a consistent security standard for skill installation across your organization
Skill Auditing
Review already-installed skills for potential security issues
Third-Party Evaluation
Evaluate skills shared by other agents or from unknown repositories

설치 방법

1
Run in your terminal
npx clawhub@latest install skill-vetter
or
2
Click the Install button at the top of this page for one-click setup

리뷰

0개 리뷰

리뷰를 작성하려면 로그인

아직 리뷰가 없습니다. 첫 번째로 경험을 공유해 보세요!