clawhub-skill-vetting

Vet ClawHub skills before installation. Use when the user asks about evaluating, auditing, or safely installing OpenClaw/ClawHub skills, or when a skill’s trustworthiness is in question.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "clawhub-skill-vetting" with this command: npx skills add hugomrtz/skill-vetting-clawhub/hugomrtz-skill-vetting-clawhub-clawhub-skill-vetting

ClawHub Skill Vetting

Overview

Apply a strict, security‑first vetting workflow before installing any ClawHub skill. Prioritize code review, permission scope, domain listing, and risk scoring.

Workflow

  1. Source check — author reputation, stars/downloads, last update, reviews.
  2. Code review (MANDATORY) — scan all files for exfiltration, secrets access, eval/exec, obfuscation.
  3. Permission scope — files, commands, network; confirm minimal scope.
  4. Recent activity — detect suspicious bursts.
  5. Community check — Discord/GitHub Discussions.
  6. Install safely — sandbox + inspect permissions.

Reference

Use references/vetting-guide.md for the full checklist, commands, red flags, confidence scoring, and report template.

Output expectations

  • Produce the SKILL VETTING REPORT format.
  • Provide a go/no‑go recommendation with reasons.
  • If unclear, recommend sandbox install only or reject.
  • Call out any red flags explicitly.
  • Include a confidence score and threshold.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Tinfoil Security

Tinfoil Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with Tinfoil Security data.

Registry SourceRecently Updated
1690Profile unavailable
Security

Very Good Security

Very Good Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with Very Good Security data.

Registry SourceRecently Updated
1780Profile unavailable
Security

Whitehat Security

WhiteHat Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with WhiteHat Security data.

Registry SourceRecently Updated
1520Profile unavailable
Security

standard-readme

Write or audit README files following the Standard Readme specification (github.com/RichardLitt/standard-readme). Use this skill whenever the user asks to cr...

Registry SourceRecently Updated
1180Profile unavailable