💻

Skill Vetter

Name: Skill Vetter
Author: spclaudehome

Security-first vetting protocol for AI agent skills — checks for red flags, permission scope, and suspicious patterns before you install anything.

spclaudehomev1.0.0

Coding Agents & IDEsCLIDeveloper Tool

Подключение к ВМ...

npx clawhub@latest install skill-vetter

98Звёзды

19.1kЗагрузки

169Текущие установки

236Всего установок

v1.0.0Версия

Feb 26, 2026Обновлено

Просмотр исходного кода(ClawHub)

Skill Vetter is a security-first vetting protocol that reviews AI agent skills before installation. It provides a structured checklist covering source verification, mandatory code review, permission scope analysis, and risk classification — ensuring you never install a compromised or overly-permissive skill.

Принцип работы

The vetting process follows four steps: (1) Source Check to verify the author's reputation and the skill's download stats, (2) a mandatory Code Review that reads all files and flags red-flag patterns like credential access, obfuscated code, and external data exfiltration, (3) Permission Scope evaluation to ensure the skill requests only what it needs, and (4) Risk Classification that assigns a severity level from Low to Extreme with recommended actions.

Ключевые возможности

Source Verification

Checks author reputation, download count, last update date, and community reviews

Red Flag Detection

Scans for credential theft, external data sends, obfuscated code, base64 decoding, eval/exec usage, and unauthorized file access

Permission Scope Analysis

Evaluates file, network, and command permissions against the skill's stated purpose

Risk Classification

Four-tier system (Low, Medium, High, Extreme) with clear action recommendations for each level

Trust Hierarchy

Adjusts scrutiny level based on source: official skills get less, unknown sources get maximum

Structured Report Output

Produces a standardized vetting report with metrics, red flags, permissions, risk level, and verdict

Требования

No API keys or external dependencies required

The skill operates as a vetting protocol for your AI agent. Optional GitHub API queries can be used to check repo stats for GitHub-hosted skills.

Сценарии использования

Pre-Installation Review

Vet any skill from ClawHub, GitHub, or other sources before installing

Team Security Policy

Establish a consistent security standard for skill installation across your organization

Skill Auditing

Review already-installed skills for potential security issues

Third-Party Evaluation

Evaluate skills shared by other agents or from unknown repositories

Как установить

Run in your terminal

npx clawhub@latest install skill-vetter

Click the Install button at the top of this page for one-click setup

Подключение к ВМ...

npx clawhub@latest install skill-vetter

98Звёзды

19.1kЗагрузки

169Текущие установки

236Всего установок

v1.0.0Версия

Feb 26, 2026Обновлено

Просмотр исходного кода(ClawHub)

Отзывы

0 отзывов

Войдите, чтобы написать отзыв

Отзывов пока нет. Будьте первым, кто поделится своим опытом!