clawhub-skill-vetting
Vet ClawHub skills before installation. Use when the user asks about evaluating, auditing, or safely installing OpenClaw/ClawHub skills, or when a skill’s trustworthiness is in question.
How do I install this agent skill?
npx skills add https://github.com/hugomrtz/skill-vetting-clawhub --skill clawhub-skill-vettingIs this agent skill safe to install?
- Gen Agent Trust Hubpass
This skill provides a structured security-first workflow and checklist for auditing the safety of other AI agent skills from the ClawHub marketplace.
- Socketpass
No alerts
- Snykwarn
Risk: MEDIUM · No issues
- Runlayerwarn
2/3 files flagged
- ZeroLeakspass
Score: 93/100 · 2 sections analyzed
What does this agent skill do?
ClawHub Skill Vetting
Overview
Apply a strict, security‑first vetting workflow before installing any ClawHub skill. Prioritize code review, permission scope, domain listing, and risk scoring.
Workflow
- Source check — author reputation, stars/downloads, last update, reviews.
- Code review (MANDATORY) — scan all files for exfiltration, secrets access,
eval/exec, obfuscation. - Permission scope — files, commands, network; confirm minimal scope.
- Recent activity — detect suspicious bursts.
- Community check — Discord/GitHub Discussions.
- Install safely — sandbox + inspect permissions.
Reference
Use references/vetting-guide.md for the full checklist, commands, red flags, confidence scoring, and report template.
Output expectations
- Produce the SKILL VETTING REPORT format.
- Provide a go/no‑go recommendation with reasons.
- If unclear, recommend sandbox install only or reject.
- Call out any red flags explicitly.
- Include a confidence score and threshold.
How can the creator link this skill?
Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.
<a href="https://skillzs.dev/skills/hugomrtz/skill-vetting-clawhub/clawhub-skill-vetting">View clawhub-skill-vetting on skillZs</a>