
Skill Vetter
Run a multi-scanner security gate on any third-party agent skill from ClawHub, GitHub, or disk before you install it into Claude Code, OpenClaw, or another agent.
Overview
Skill Vetter is an agent skill most often used in Ship (also Build integrations, Operate iterate) that runs multiple security scanners on a skill package and returns BLOCKED, REVIEW, or SAFE before you install it into an
Install
npx skills add https://github.com/app-incubator-xyz/skill-vetter --skill skill-vetter
What is this skill?
- Runs `vett.sh` against ClawHub names, GitHub URLs, or local skill paths after `check-deps.sh`
- Three verdicts: BLOCKED (CRITICAL/HIGH), REVIEW (medium), SAFE (all scanners passed)
- User-invocable trigger when adding or reviewing skills for Claude Code, OpenClaw, or similar agents
- Surfaces which scanners ran, pass/fail per scanner, and specific flagged findings
- Explicit prompt: ask whether to run skill-vetter before any new skill install
- Three verdict levels: BLOCKED, REVIEW, and SAFE
- Supports ClawHub names, GitHub URLs, and local paths as scan targets
Adoption & trust: 878 installs on skills.sh; 34 GitHub stars; 1/3 security scanners passed (skills.sh audits).
What problem does it solve?
You want a shiny new ClawHub or GitHub skill in your agent but have no fast way to know if the package hides malicious or suspicious code.
Who is it for?
Solo builders who routinely install community skills and want a repeatable pre-flight scan instead of trusting README marketing copy.
Skip if: you are looking for a replacement for full application pentests or for SAST on your own product codebase, or you are vetting MCP servers and the artifact is not an agent skill package.
When should I use this skill?
User mentions installing, adding, or reviewing a skill to Claude Code, OpenClaw, or any other AI agent—or asks if they should vet before install.
What do I get? / Deliverables
You get a scanner-backed verdict with concrete findings so you only install when SAFE or you consciously accept REVIEW—and you never proceed on BLOCKED.
- Per-scanner pass/fail summary
- BLOCKED, REVIEW, or SAFE verdict with flagged finding details
- Clear install/no-install recommendation for the user
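The verdict rule described here (BLOCKED on CRITICAL/HIGH, REVIEW on medium, SAFE only when all scanners passed), as an added example that is not the project's `vett.sh`. It parses per-scanner result lines in the format of the SKILL.md example output; treating an unparseable or bare FAIL line as BLOCKED and a scanner that never reported as REVIEW are this example's own assumptions, and the sample report is constructed.

```sh
#!/bin/sh
# Added example, not the project's vett.sh. Scanner names and the line format
# come from the page; the fail-closed rules are assumptions of this example.
EXPECTED_SCANNERS="aguara skill-analyzer secrets-scan structure-check"

# Constructed sample report in the format of the page's example output.
SAMPLE_REPORT='[1/4] aguara............. ✅ PASS
[2/4] skill-analyzer..... ❌ FAIL (HIGH: prompt injection pattern)
[3/4] secrets-scan....... ⚠️ WARN (Medium: base64 encoded string)
[4/4] structure-check.... ✅ PASS'

# verdict_from_report REPORT -> prints BLOCKED, REVIEW or SAFE
verdict_from_report() {
  printf '%s\n' "$1" | awk -v expected="$EXPECTED_SCANNERS" '
    /^\[[0-9]+\/[0-9]+\] / {
      line = $0
      sub(/^\[[0-9]+\/[0-9]+\] /, "", line)
      name = line
      sub(/[. ].*$/, "", name)          # scanner name ends at the dot leader
      up = toupper(line)                # the page writes both HIGH and Medium
      if (up ~ /\((CRITICAL|HIGH)/)     blocked = 1
      else if (up ~ /\(MEDIUM/)         review = 1
      else if (up ~ / PASS *$/)         ok++
      else                              blocked = 1   # bare FAIL or unparseable: fail closed
      seen[name] = 1
    }
    END {
      n = split(expected, want, " ")
      for (i = 1; i <= n; i++)
        if (!(want[i] in seen)) review = 1   # a scanner that never ran is not a pass
      if (blocked)      print "BLOCKED"
      else if (review)  print "REVIEW"
      else              print "SAFE"
    }'
}

verdict_from_report "$SAMPLE_REPORT"
```

The missing-scanner rule is what keeps a partial run from being reported as SAFE when a dependency was not installed.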
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Installing external skills is a supply-chain risk moment; the canonical shelf is Ship → Security because vetting belongs in the same gate as code review and launch hardening. Subphase security covers pre-install trust checks, suspicious-pattern detection, and blocking CRITICAL/HIGH findings before agent tooling enters your repo.
Where it fits
You found a GitHub-hosted skill for API glue and run skill-vetter on the repo URL before adding it to your agent stack.
Launch week adds three marketplace skills; you batch-scan each with vett.sh and block anything CRITICAL/HIGH.
A community skill promises log parsers; you REVIEW or SAFE-gate it before it gets filesystem access in production workflows.
How it compares
Use as a dedicated pre-install skill gate—not the same as an in-repo OWASP code audit like security-auditor.
Common Questions / FAQ
Who is skill-vetter for?
Indie and solo developers using Claude Code, OpenClaw, or similar agents who install third-party skills from marketplaces or git and want a security checkpoint first.
When should I use skill-vetter?
Before installing any external skill during Build agent-tooling setup, before Ship hardening when you add launch-week automation skills, or during Operate when you pull maintenance skills—whenever the user mentions installing, adding, or reviewing a skill.
Is skill-vetter safe to install?
It is a local scanning workflow driven by shell scripts; review the Security Audits panel on this Prism page and inspect `scripts/vett.sh` in the repo before trusting it with paths to untrusted packages.
SKILL.md
# Skill Vetter

Security gate that runs multiple scanners against a skill before installation.

## When to Use

Use before installing **ANY** skill to Claude Code, OpenClaw, or your other favorite AI agent — whether from ClawHub, GitHub, or any external source.

Ask the user: "Should I run skill-vetter on this before installing?" whenever they mention installing a new skill.

## How to Run

### Check dependencies first

```bash
bash {baseDir}/scripts/check-deps.sh
```

Fix any missing dependencies before proceeding.

### Run the full scan

```bash
bash {baseDir}/scripts/vett.sh "<skill-name-or-path>"
```

The argument can be:
- A ClawHub skill name: `youtube-summarize`
- A GitHub URL: `https://github.com/user/repo`
- A local path: `/tmp/my-skill/`

## Interpret Results

| Verdict | Meaning | Action |
|---------|---------|--------|
| **BLOCKED** | CRITICAL or HIGH findings | Do NOT install. Show findings. |
| **REVIEW** | Medium severity findings | Show findings, ask user to decide. |
| **SAFE** | All scanners passed | Proceed with installation. |

## After Verdict

Always show the user:
1. Which scanners ran
2. Which passed/failed
3. Specific findings for anything flagged
4. Your recommendation

**Never install the skill automatically.** Always confirm with the user after showing results.

## Scanners Used

| Scanner | What It Checks |
|---------|---------------|
| aguara | Prompt injection, obfuscation, suspicious LLM calls |
| skill-analyzer | Known malicious patterns, CVE database |
| secrets-scan | Hardcoded API keys, tokens, credentials |
| structure-check | Missing SKILL.md, malformed YAML, dangerous files |

## Example Output

```
════════════════════════════════════════════════════════════
SKILL VETTER — Security Scan: malicious-skill
Path: /tmp/skill-vetter-abc123/malicious-skill
════════════════════════════════════════════════════════════
[1/4] aguara............. ✅ PASS
[2/4] skill-analyzer..... ❌ FAIL (HIGH: prompt injection pattern)
[3/4] secrets-scan....... ⚠️ WARN (Medium: base64 encoded string)
[4/4] structure-check.... ✅ PASS
════════════════════════════════════════════════════════════
VERDICT: BLOCKED
Reasons: 1 HIGH, 1 MEDIUM
════════════════════════════════════════════════════════════
Do NOT install this skill. It contains:
- HIGH: Prompt injection in SKILL.md (line 47)
- MEDIUM: Base64 encoded string in scripts/run.sh (line 12)
```

## Dependencies

- `aguara` — Go-based prompt scanner
- `skill-analyzer` — Cisco AI skill scanner (Python)
- `python3` — For additional checks
- `curl`, `jq` — For API calls and JSON parsing

Run `check-deps.sh` to verify all tools are installed.

```bash
#!/bin/bash
# install.sh — install skill-vetter and its dependencies
# Usage:
#   bash install.sh   (from cloned repo)
#   bash <(curl -s https://raw.githubusercontent.com/app-incubator-xyz/skill-vetter/master/scripts/install.sh)

set -euo pipefail

REPO_URL="https://github.com/app-incubator-xyz/skill-vetter.git"
SKILL_NAME="skill-vetter"

echo ""
echo "════════════════════════════════════════════════════════════"
echo "Skill Vetter — Installer"
echo "════════════════════════════════════════════════════════════"
echo ""

# ── Detect OS ────────────────────────────────────────────────────────────────
OS="unknown"
if [[ "$OSTYPE" == "darwin"* ]]; then
  OS="macos"
elif [[ "$OSTYPE" == "linux"* ]]; then
  OS="linux"
fi

# ── Install prerequisites ────────────────────────────────────────────────────
installed=()
skipped=()

echo "▸ Checking prerequisites..."
echo ""

# jq
if command -v jq &>/dev/null; then
  echo " ✅ jq"
else
  echo " ⏳ Installing jq..."
  if [[ "$OS" == "macos" ]] && command -v brew &>/dev/null; the
```