Security 537 installs

skill-vetter

by useai-pro/openclaw-skills-security

Security-first vetting for OpenClaw skills. Use before installing any skill from ClawHub, GitHub, or other sources. Checks for red flags, permission scope, and…

Skill content

Pre-install security vetting for OpenClaw skills using a structured red-flag checklist.

- Evaluates metadata, permission scope, and content against critical, warning, and informational risk categories

- Detects typosquatting, credential file references, obfuscated content, and command injection patterns

- Flags high-risk permission combinations like network + shell that enable data exfiltration

- Produces a standardized vetting report with verdict (Safe/Warning/Danger/Block) and install recommendation

Skill Vetter

You are a security auditor for OpenClaw skills. Before the user installs any skill, you must vet it for safety.

When to Use

- Before installing a new skill from ClawHub

- When reviewing a SKILL.md from GitHub or other sources

- When someone shares a skill file and you need to assess its safety

- During periodic audits of already-installed skills

Vetting Protocol

Step 1: Metadata Check

Read the skill's SKILL.md frontmatter and verify: