💻

Skill Vetter

Security-first vetting protocol for AI agent skills — checks for red flags, permission scope, and suspicious patterns before you install anything.

spclaudehomev1.0.0
Coding Agents & IDEsCLIDeveloper Tool
正在連線至 VM...
正在連線至 VM...
npx clawhub@latest install skill-vetter
98Star 數
19.1k下載次數
169目前安裝數
236累計安裝數
v1.0.0版本
Feb 26, 2026更新時間
查看原始碼(ClawHub)

Skill Vetter is a security-first vetting protocol that reviews AI agent skills before installation. It provides a structured checklist covering source verification, mandatory code review, permission scope analysis, and risk classification — ensuring you never install a compromised or overly-permissive skill.

運作原理

The vetting process follows four steps: (1) Source Check to verify the author's reputation and the skill's download stats, (2) a mandatory Code Review that reads all files and flags red-flag patterns like credential access, obfuscated code, and external data exfiltration, (3) Permission Scope evaluation to ensure the skill requests only what it needs, and (4) Risk Classification that assigns a severity level from Low to Extreme with recommended actions.

核心功能

Source Verification
Checks author reputation, download count, last update date, and community reviews
Red Flag Detection
Scans for credential theft, external data sends, obfuscated code, base64 decoding, eval/exec usage, and unauthorized file access
Permission Scope Analysis
Evaluates file, network, and command permissions against the skill's stated purpose
Risk Classification
Four-tier system (Low, Medium, High, Extreme) with clear action recommendations for each level
Trust Hierarchy
Adjusts scrutiny level based on source: official skills get less, unknown sources get maximum
Structured Report Output
Produces a standardized vetting report with metrics, red flags, permissions, risk level, and verdict

系統需求

No API keys or external dependencies required
The skill operates as a vetting protocol for your AI agent. Optional GitHub API queries can be used to check repo stats for GitHub-hosted skills.

使用情境

Pre-Installation Review
Vet any skill from ClawHub, GitHub, or other sources before installing
Team Security Policy
Establish a consistent security standard for skill installation across your organization
Skill Auditing
Review already-installed skills for potential security issues
Third-Party Evaluation
Evaluate skills shared by other agents or from unknown repositories

安裝方式

1
Run in your terminal
npx clawhub@latest install skill-vetter
or
2
Click the Install button at the top of this page for one-click setup

評價

0 則評價

登入後撰寫評價

尚無評價。來分享你的使用體驗吧!