🇺🇸English
Skill Vetter
Security gate that runs multiple scanners against a skill before installation.
When to Use
Use before installing ANY skill to Claude Code, OpenClaw, or your other favorite AI agent — whether from ClawHub, GitHub, or any external source.
Ask the user: "Should I run skill-vetter on this before installing?" whenever they mention installing a new skill.
How to Run
Check dependencies first
bash {baseDir}/scripts/check-deps.sh
Fix any missing dependencies before proceeding.
Run the full scan
bash {baseDir}/scripts/vett.sh "<skill-name-or-path>"
The argument can be:
- A ClawHub skill name:
youtube-summarize
- A GitHub URL:
https://github.com/user/repo
- A local path:
/tmp/my-skill/
Interpret Results
| Verdict | Meaning | Action |
|---|
| BLOCKED | CRITICAL or HIGH findings | Do NOT install. Show findings. |
| REVIEW | Medium severity findings | Show findings, ask user to decide. |
| SAFE | All scanners passed | Proceed with installation. |
After Verdict
Always show the user:
- Which scanners ran
- Which passed/failed
- Specific findings for anything flagged
- Your recommendation
Never install the skill automatically. Always confirm with the user after showing results.
Scanners Used
| Scanner | What It Checks |
|---|
| aguara | Prompt injection, obfuscation, suspicious LLM calls |
| skill-analyzer | Known malicious patterns, CVE database |
| secrets-scan | Hardcoded API keys, tokens, credentials |
| structure-check | Missing SKILL.md, malformed YAML, dangerous files |
Example Output
════════════════════════════════════════════════════════════
SKILL VETTER — Security Scan: malicious-skill
Path: /tmp/skill-vetter-abc123/malicious-skill
════════════════════════════════════════════════════════════
[1/4] aguara............. ✅ PASS
[2/4] skill-analyzer..... ❌ FAIL (HIGH: prompt injection pattern)
[3/4] secrets-scan....... ⚠️ WARN (Medium: base64 encoded string)
[4/4] structure-check.... ✅ PASS
════════════════════════════════════════════════════════════
VERDICT: BLOCKED
Reasons: 1 HIGH, 1 MEDIUM
════════════════════════════════════════════════════════════
Do NOT install this skill. It contains:
- HIGH: Prompt injection in SKILL.md (line 47)
- MEDIUM: Base64 encoded string in scripts/run.sh (line 12)
Dependencies
aguara — Go-based prompt scannerskill-analyzer — Cisco AI skill scanner (Python)python3 — For additional checkscurl, jq — For API calls and JSON parsing
Run check-deps.sh to verify all tools are installed.
Weekly Installs
50
Repository
app-incubator-x…l-vetter
GitHub Stars
1
First Seen
6 days ago
Security Audits
Gen Agent Trust HubFailSocketPassSnykWarn
Installed on
opencode50
codex49
gemini-cli49
amp49
cline49
github-copilot49
