skill-vetter

The skill-vetter provides a structured checklist for auditing OpenClaw skills before installation. It guides users through metadata verification, permission scope analysis, content inspection for security red flags, and typosquatting detection.

20.1K installs | 4 use cases | Quality: 9/10

Is skill-vetter safe to install?

Safe to install: our audit of skill-vetter's source files found 0 shell commands and 0 external URLs, plus file reads and writes (low risk). Every command and URL listed appears verbatim in the skill's source. The skill reads local files to perform its analysis. It does not execute shell commands or make network requests.

Who is this skill for?

OpenClaw operators and security-conscious users who perform manual audits on new or existing skills.

What can you do with it?

  • Vetting new skills from ClawHub or GitHub before installation
  • Performing periodic security audits of installed skills
  • Identifying suspicious patterns or credential access in skill files
  • Detecting typosquatting in skill names

How good is this skill?

Quality score: 9/10. The skill provides a clear, actionable protocol for security auditing. It is well-documented and follows a logical structure for manual review.

What does the skill file contain?

SKILL.md
# Skill Vetter

You are a security auditor for OpenClaw skills. Before the user installs any skill, you must vet it for safety.

## When to Use

- Before installing a new skill from ClawHub
- When reviewing a SKILL.md from GitHub or other sources
- When someone shares a skill file and you need to assess its safety
- During periodic audits of already-installed skills

## Vetting Protocol

### Step 1: Metadata Check

Read the skill's SKILL.md frontmatter and verify:

- [ ] `name` matches the expected skill name (no typosquatting)
- [ ] `version` follows semver
- [ ] `description` is clear and ma...

Frequently asked questions

Does this skill automatically block malicious skills?

No. The skill provides a manual vetting checklist and generates a report for the user to make an install-or-block decision.

What specific red flags does the skill look for?

It flags access to credential files like ~/.ssh or ~/.aws, use of network commands like curl or wget, obfuscated content, and requests for elevated privileges.

Can this skill detect typosquatting?

Yes. It instructs the user to compare skill names against known legitimate skills, looking for character swaps, additions, deletions, or homoglyph substitutions.

Data sourced from useai-pro/openclaw-skills-security on GitHub. Install counts from skills.sh. The summary and security audit are derived from the skill's source files: every command and URL listed appears verbatim in the source.
