🔐 Security & Audit

Chen Skill Vetterv1.0.0

Name: Chen Skill Vetter
Author: cs995279497-byte

chen-skill-vetter

Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...

latest

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

852

Stars

CreatedMar 23, 2026

UpdatedMay 1, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install cs995279497-byte/chen-skill-vetter

Skill Package1 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

B60/100

Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation9/35

· 505 downloads (moderate demand)
· 4 installs (very low)

Documentation20/25

· SKILL.md present
· Detailed documentation (≥3000 chars)
· Contains usage examples or trigger description
· Detailed summary

Package Completeness6/15

· skillAssets present (0 files)

Security Analysis

💙 Low Risk

UNSAFE_SHELLmedium

Potentially destructive shell commands in tool definitions

eval(

KNOWN_EXTERNALlow

Uses known external API (expected, informational)

api.github.com

Audited Apr 17, 2026 · audit v1.0

💡

Usage Guide

Generated May 10, 2026

AI agents operating autonomously in skill marketplacesEnterprise DevOps teams using AI agents for automationintermediate

💡 Application Scenarios

Vetting Skills from Unknown Open-Source ReposSoftware Development

An AI agent is asked to install a new skill from a low-star GitHub repository. The agent uses the Skill Vetter to check the source reputation, review code for red flags, and assess permissions before deciding to install.

Auditing Skills in a Collaborative Agent MarketplaceCybersecurity

In a marketplace like ClawdHub, agents share skills. Before installing a skill shared by another agent, the Skill Vetter runs a full security check, including code review and risk classification, to prevent malicious skills from spreading.

Preventing Credential Theft via Rogue SkillsCloud Computing

A skill requests access to ~/.ssh and ~/.aws directories. The Skill Vetter flags this as a HIGH risk, requiring human approval, and prevents automatic installation, thus protecting sensitive credentials.

Evaluating Skills for a DevOps PipelineDevOps

A DevOps team integrates AI agents into CI/CD. Before deploying a skill that automates infrastructure changes, the Skill Vetter checks for network calls to unknown IPs and commands that modify system files, ensuring pipeline security.

Vetting Skills in a Financial Trading BotFinance

A financial AI agent considers installing a skill that claims to optimize trades. The Skill Vetter scans for obfuscated code and network calls, and classifies it as HIGH risk, triggering manual review to prevent financial loss.

💼 Business Models

Security-as-a-Service for Agent MarketplacesSubscription fees from marketplace platforms based on volume of skills vetted.

Offer automated skill vetting as a subscription service for platforms like ClawdHub, ensuring all skills uploaded pass security checks. Revenue comes from platform licensing fees per skill vetted.

API-Based Vetting for Enterprise AI DeploymentsPer-API-call pricing, with tiered plans for high-frequency users.

Provide an API endpoint that enterprises integrate into their internal AI agent workflows to vet skills automatically. Revenue is generated via usage-based pricing per API call.

Premium Manual Vetting for High-Risk SkillsFlat fee per manual vetting session, with rush delivery options at higher cost.

For skills classified as HIGH or EXTREME risk, offer a human-in-the-loop auditing service where security experts perform deep code reviews. Revenue comes from per-skill audit fees.

💬 Integration Tip

Integrate the Skill Vetter as a pre-install hook in your agent's workflow—call it before any skill installation command to ensure all checks are automated.