🦞 OpenClaw Platform

Openclaw Skill Vetter 1.0.0v1.0.0

Name: Openclaw Skill Vetter 1.0.0
Author: yiyi-9

openclaw-skill-vetter-1-0-0

Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L...

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

869

Stars

CreatedMar 8, 2026

UpdatedMar 8, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install yiyi-9/openclaw-skill-vetter-1-0-0

https://clawhub.com

Skill Package2 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

B54/100

Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation6/35

· 392 downloads (low demand)
· 3 installs (very low)

Documentation20/25

· SKILL.md present
· Detailed documentation (≥3000 chars)
· Contains usage examples or trigger description
· Detailed summary

Package Completeness9/15

· skillAssets present (1 files)

Security Analysis

🔴 High Risk

CREDENTIAL_ACCESShigh

Accesses sensitive credential files or environment variables

~/.ssh/id_rsa

UNKNOWN_DATA_SINKhigh

Sends data to undocumented external endpoint (potential exfiltration)

POST → https://evil.com/steal

UNSAFE_SHELLmedium

Potentially destructive shell commands in tool definitions

eval(

UNDOCUMENTED_EXTERNALlow

Calls external URL not in known-safe list

https://clawhub.com

💡

Usage Guide

Generated Mar 20, 2026

AI developers and engineersIT security professionalsEnterprise risk managersbeginner

💡 Application Scenarios

Enterprise AI Agent Security ComplianceTechnology and Financial Services

Large organizations deploying AI agents across departments use this skill to vet third-party skills before installation, ensuring compliance with internal security policies and preventing credential theft from untrusted code. It integrates into CI/CD pipelines to automatically scan skills from repositories like ClawHub, flagging high-risk permissions like unauthorized network access.

Developer Tool for Skill MarketplacesSoftware Development and SaaS

Platforms hosting AI agent skills, such as ClawHub or GitHub, integrate this vetting protocol to provide automated security reports for listed skills, helping users make informed installation decisions. It reduces support tickets related to malicious code by enforcing red flag checks like obfuscated scripts or credential harvesting patterns.

Educational Workshops on AI SecurityEducation and Cybersecurity

Training programs for AI developers and IT professionals use this skill to teach best practices in code review and risk assessment, using its structured checklist to demonstrate real-world vetting steps. Participants learn to identify threats like data exfiltration or unauthorized file access in hands-on exercises.

Freelance AI Agent Auditing ServicesConsulting and IT Services

Independent security consultants offer vetting services to clients deploying AI agents, using this skill to generate detailed reports on skill safety and risk classification. They analyze skills from sources like GitHub for red flags such as eval() usage or unknown URLs, providing recommendations based on the LOW/MEDIUM/HIGH/EXTREME scale.

Open Source Community ModerationOpen Source and Non-Profit

Open source projects involving AI agents employ this skill to review community-contributed skills before merging, ensuring they adhere to security standards and minimal privilege principles. It automates checks for dependencies and permission scope, preventing issues like system file modifications in shared repositories.

💼 Business Models

Freemium Security ToolSubscription fees from $10/month for individuals to $500/month for enterprise plans

Offer a free basic version for individual users to vet skills manually, with premium tiers providing automated scanning, API access for enterprises, and detailed compliance reports. Revenue comes from subscriptions for advanced features like integration with CI/CD systems and priority support.

B2B Security IntegrationLicensing fees ranging from $5,000 to $50,000 annually per client

License the vetting protocol to companies building AI agent platforms, embedding it as a core security feature to enhance trust and reduce liability. Revenue is generated through upfront licensing fees and ongoing maintenance contracts based on user scale and customization needs.

Consulting and Training ServicesConsulting fees of $150-$300 per hour, with training packages from $2,000 to $10,000

Provide expert consulting to organizations for implementing the vetting process, including custom workshops, security audits, and incident response for skill-related breaches. Revenue streams include hourly rates for consultations and fixed-price packages for training sessions.

💬 Integration Tip

Integrate this skill into automated workflows using its quick vet commands for GitHub or ClawHub, ensuring tools like curl and jq are installed as prerequisites to streamline security checks.