Clawhub Skill Vetting

Name: Clawhub Skill Vetting
Author: hugomrtz

hugomrtz/skill-vetting-clawhub

Run a security-first ClawHub/OpenClaw skill review with go/no-go, confidence score, and sandbox install guidance before adding community skills.

Overview

Clawhub Skill Vetting is an agent skill most often used in Ship (also Build agent-tooling) that runs a security-first checklist before installing ClawHub community skills.

Install

npx skills add https://github.com/hugomrtz/skill-vetting-clawhub --skill clawhub-skill-vetting

What is this skill?

Six-step workflow: source check, mandatory code review, permissions, activity, community, safe install
Requires SKILL VETTING REPORT with go/no-go, red flags, and confidence threshold
Red-flag focus: exfiltration, secrets access, eval/exec, obfuscation
Points to references/vetting-guide.md for checklist, commands, and templates
Recommends sandbox-only or reject when evidence is weak
Six-step mandatory vetting workflow
Code review step marked MANDATORY in workflow

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Adoption & trust: 1.6k installs on skills.sh; 5 GitHub stars; 2/3 security scanners passed (skills.sh audits).

What problem does it solve?

You found a catchy ClawHub skill but cannot tell if its files exfiltrate data or demand permissions you never intended to grant.

Who is it for?

Indie agent builders curating third-party skills for Claude Code, OpenClaw, or similar runtimes.

Skip if: Teams installing only first-party skills they authored with no marketplace surface.

When should I use this skill?

User asks about evaluating, auditing, or safely installing OpenClaw/ClawHub skills, or when a skill’s trustworthiness is in question.

What do I get? / Deliverables

You receive a structured vetting report with scored confidence and an install recommendation—full go, sandbox only, or reject.

SKILL VETTING REPORT
Go/no-go recommendation
Confidence score with cited red flags

Recommended Skills

Azure Compliancemicrosoft/azure-skills

Azure Compliance is a Microsoft agent skill for solo builders and small teams who need structured security and complianc…373k installs·1.2k stars

Openclaw Secure Linux Cloudxixu-me/skills

OpenClaw Secure Linux Cloud guides a hardened VPS deployment—rootless Podman, loopback-only gateway, SSH-tunneled Contro…201k installs·61 stars

Entra Agent Idmicrosoft/azure-skills

entra-agent-id is a Microsoft-authored agent skill for provisioning and operating OAuth-capable identities tailored to A…99.1k installs·1.2k stars

Firebase Security Rules Auditorfirebase/agent-skills

Firebase Security Rules Auditor turns your agent into a senior penetration-style reviewer for Firestore rulesets. Solo b…40.3k installs·345 stars

Firestore Security Rules Auditorfirebase/agent-skills

Firestore-security-rules-auditor is a checker skill for solo builders and small teams shipping Firebase-backed apps who …20.3k installs·345 stars

Skill Vetteruseai-pro/openclaw-skills-security

Skill Vetter is a security-first OpenClaw agent skill that makes your coding agent behave like a pre-install auditor for…19.2k installs·62 stars

Journey fit

Spans multiple journey phases - primary shelf plus alternate fits below.

Primary fit

Ship/security is the canonical shelf because the workflow gates installation risk right before agent capabilities expand in production-like setups. Security subphase matches mandatory code review, permission scope, and red-flag detection called out in the vetting workflow.

Also useful

BuildAgent skills & templates

Where it fits

Example use

BuildAgent skills & templates

Compare two GitHub-helper skills and reject the one with obfuscated network calls.

Example use

ShipSecurity

Produce a go/no-go report before enabling a new ClawHub skill in daily driver config.

Example use

OperateIteration & experiments

Re-vet a skill after a suspicious burst of commits before upgrading production agents.

How it compares

Human-in-the-loop security checklist—not passive registry popularity sorting.

Common Questions / FAQ

Who is clawhub-skill-vetting for?

Solo builders evaluating OpenClaw/ClawHub marketplace skills before giving an agent new tools.

When should I use clawhub-skill-vetting?

In Ship/security before install, and in Build/agent-tooling when adding community packages to a growing skill stack.

Is clawhub-skill-vetting safe to install?

It is a meta-audit workflow; review Security Audits on this Prism page and still inspect target skill source yourself.

SKILL.md

READMESKILL.md - Clawhub Skill Vetting

# ClawHub Skill Vetting

## Overview
Apply a strict, security‑first vetting workflow before installing any ClawHub skill. Prioritize code review, permission scope, domain listing, and risk scoring.

## Workflow
1) **Source check** — author reputation, stars/downloads, last update, reviews.
2) **Code review (MANDATORY)** — scan all files for exfiltration, secrets access, `eval/exec`, obfuscation.
3) **Permission scope** — files, commands, network; confirm minimal scope.
4) **Recent activity** — detect suspicious bursts.
5) **Community check** — Discord/GitHub Discussions.
6) **Install safely** — sandbox + inspect permissions.

## Reference
Use **`references/vetting-guide.md`** for the full checklist, commands, red flags, confidence scoring, and report template.

## Output expectations
- Produce the **SKILL VETTING REPORT** format.
- Provide a **go/no‑go** recommendation with reasons.
- If unclear, recommend **sandbox install only** or **reject**.
- Call out any **red flags** explicitly.
- Include a **confidence score** and threshold.


# ClawHub Skill Vetting — Trust but Verify

## Context
ClawHub is OpenClaw’s community skill marketplace. Malicious or unsafe skills exist (exfiltration, prompt injection, hidden instructions). Use this guide before installing any skill.

---

## Hard rule
**SKILL.md is not enough.** Provide the code for a final verdict.

---

## 1) Source check
Questions:
- Where did this skill come from?
- Is the author known/reputable?
- Downloads/stars?
- Last updated?
- Any reviews from other agents?

## 2) Code review (MANDATORY)
Clone first **do not install blindly**:
```bash
git clone https://github.com/author/skill-name
cd skill-name
```
List code files:
```bash
find . -type f -name "*.ts" -o -name "*.js" -o -name "*.py"
```
Search for suspicious patterns:
```bash
grep -r "fetch\|axios\|http\|request" --include="*.ts" --include="*.js"
grep -r "env\|secret\|key\|token\|password" --include="*.ts" --include="*.js"
grep -r "eval\|exec\|spawn\|child_process" --include="*.ts" --include="*.js"
```

### 🚨 Reject immediately if you see
- curl/wget to unknown URLs
- Sends data to external servers
- Requests credentials/tokens/API keys
- Reads `~/.ssh`, `~/.aws`, `~/.config` without clear reason
- Accesses `MEMORY.md`, `USER.md`, `SOUL.md`, `IDENTITY.md` without explicit consent
- Base64 decode of opaque blobs
- `eval()` / `exec()` with external input
- Modifies system files outside workspace
- Installs packages without listing them
- Network calls to **IPs** instead of domains
- Obfuscated/minified code
- Requests elevated/sudo permissions
- Accesses browser cookies/sessions
- Touches credential files

## 3) Permission scope
Evaluate:
- Files it needs to read/write
- Commands it runs
- Network access (to where?)
- Is scope minimal for stated purpose?

## 4) Recent activity (supply‑chain risk)
```bash
git log --oneline -10
git diff HEAD~10..HEAD
```
Red flag: dormant for months then huge update.

## 5) Community check
Search OpenClaw Discord + GitHub Discussions for prior reviews.

---

## Install safely (even after vetting)
```bash
openclaw skill install author/skill-name --sandbox
openclaw skill inspect author/skill-name
```
`--sandbox` runs the skill in isolation: no filesystem, no env vars, no access to other skills.

---

## Risk classification
- 🟢 **LOW**: notes, weather, formatting → basic review OK
- 🟡 **MEDIUM**: file ops, browser, APIs → full review required
- 🔴 **HIGH**: credentials, trading, system access → human approval required
- ⛔ **EXTREME**: security configs/root → do **not** install

---

## Confidence score (0–100)
**How to score** (simple weighted rubric):
- **Provenance/author (0–25)**: known + active = 25; unknown = 5
- **Code transparency (0–25)**: full r

What is this skill?

Six-step workflow: source check, mandatory code review, permissions, activity, community, safe install

Requires SKILL VETTING REPORT with go/no-go, red flags, and confidence threshold

Red-flag focus: exfiltration, secrets access, eval/exec, obfuscation

Points to references/vetting-guide.md for checklist, commands, and templates

Recommends sandbox-only or reject when evidence is weak

Six-step mandatory vetting workflow

Code review step marked MANDATORY in workflow

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Adoption & trust: 1.6k installs on skills.sh; 5 GitHub stars; 2/3 security scanners passed (skills.sh audits).

Journey fit

Spans multiple journey phases - primary shelf plus alternate fits below.

Primary fit

Also useful

BuildAgent skills & templates

Where it fits

Example use

BuildAgent skills & templates

Compare two GitHub-helper skills and reject the one with obfuscated network calls.

Example use

ShipSecurity

Produce a go/no-go report before enabling a new ClawHub skill in daily driver config.

Example use

OperateIteration & experiments

Re-vet a skill after a suspicious burst of commits before upgrading production agents.

SKILL.md

READMESKILL.md - Clawhub Skill Vetting

# ClawHub Skill Vetting

## Overview
Apply a strict, security‑first vetting workflow before installing any ClawHub skill. Prioritize code review, permission scope, domain listing, and risk scoring.

## Workflow
1) **Source check** — author reputation, stars/downloads, last update, reviews.
2) **Code review (MANDATORY)** — scan all files for exfiltration, secrets access, `eval/exec`, obfuscation.
3) **Permission scope** — files, commands, network; confirm minimal scope.
4) **Recent activity** — detect suspicious bursts.
5) **Community check** — Discord/GitHub Discussions.
6) **Install safely** — sandbox + inspect permissions.

## Reference
Use **`references/vetting-guide.md`** for the full checklist, commands, red flags, confidence scoring, and report template.

## Output expectations
- Produce the **SKILL VETTING REPORT** format.
- Provide a **go/no‑go** recommendation with reasons.
- If unclear, recommend **sandbox install only** or **reject**.
- Call out any **red flags** explicitly.
- Include a **confidence score** and threshold.


# ClawHub Skill Vetting — Trust but Verify

## Context
ClawHub is OpenClaw’s community skill marketplace. Malicious or unsafe skills exist (exfiltration, prompt injection, hidden instructions). Use this guide before installing any skill.

---

## Hard rule
**SKILL.md is not enough.** Provide the code for a final verdict.

---

## 1) Source check
Questions:
- Where did this skill come from?
- Is the author known/reputable?
- Downloads/stars?
- Last updated?
- Any reviews from other agents?

## 2) Code review (MANDATORY)
Clone first **do not install blindly**:
```bash
git clone https://github.com/author/skill-name
cd skill-name
```
List code files:
```bash
find . -type f -name "*.ts" -o -name "*.js" -o -name "*.py"
```
Search for suspicious patterns:
```bash
grep -r "fetch\|axios\|http\|request" --include="*.ts" --include="*.js"
grep -r "env\|secret\|key\|token\|password" --include="*.ts" --include="*.js"
grep -r "eval\|exec\|spawn\|child_process" --include="*.ts" --include="*.js"
```

### 🚨 Reject immediately if you see
- curl/wget to unknown URLs
- Sends data to external servers
- Requests credentials/tokens/API keys
- Reads `~/.ssh`, `~/.aws`, `~/.config` without clear reason
- Accesses `MEMORY.md`, `USER.md`, `SOUL.md`, `IDENTITY.md` without explicit consent
- Base64 decode of opaque blobs
- `eval()` / `exec()` with external input
- Modifies system files outside workspace
- Installs packages without listing them
- Network calls to **IPs** instead of domains
- Obfuscated/minified code
- Requests elevated/sudo permissions
- Accesses browser cookies/sessions
- Touches credential files

## 3) Permission scope
Evaluate:
- Files it needs to read/write
- Commands it runs
- Network access (to where?)
- Is scope minimal for stated purpose?

## 4) Recent activity (supply‑chain risk)
```bash
git log --oneline -10
git diff HEAD~10..HEAD
```
Red flag: dormant for months then huge update.

## 5) Community check
Search OpenClaw Discord + GitHub Discussions for prior reviews.

---

## Install safely (even after vetting)
```bash
openclaw skill install author/skill-name --sandbox
openclaw skill inspect author/skill-name
```
`--sandbox` runs the skill in isolation: no filesystem, no env vars, no access to other skills.

---

## Risk classification
- 🟢 **LOW**: notes, weather, formatting → basic review OK
- 🟡 **MEDIUM**: file ops, browser, APIs → full review required
- 🔴 **HIGH**: credentials, trading, system access → human approval required
- ⛔ **EXTREME**: security configs/root → do **not** install

---

## Confidence score (0–100)
**How to score** (simple weighted rubric):
- **Provenance/author (0–25)**: known + active = 25; unknown = 5
- **Code transparency (0–25)**: full r

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Where it fits

Who is clawhub-skill-vetting for?

When should I use clawhub-skill-vetting?

Is clawhub-skill-vetting safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Where it fits

Who is clawhub-skill-vetting for?

When should I use clawhub-skill-vetting?

Is clawhub-skill-vetting safe to install?

SKILL.md