skill-vettingVet ClawHub skills for security and utility before installation. Use when considering installing a ClawHub skill, evaluating third-party code, or assessing w...
Install via ClawdBot CLI:
clawdbot install eddygk/skill-vettingSafely evaluate ClawHub skills for security risks and practical utility.
# Download and inspect
cd /tmp
curl -L -o skill.zip "https://auth.clawdhub.com/api/v1/download?slug=SKILL_NAME"
mkdir skill-inspect && cd skill-inspect
unzip -q ../skill.zip
# Run scanner
python3 ~/.openclaw/workspace/skills/skill-vetting/scripts/scan.py .
# Manual review
cat SKILL.md
cat scripts/*.pycd /tmp
curl -L -o skill.zip "https://auth.clawdhub.com/api/v1/download?slug=SLUG"
mkdir skill-NAME && cd skill-NAME
unzip -q ../skill.zippython3 ~/.openclaw/workspace/skills/skill-vetting/scripts/scan.py .Exit codes: 0 = Clean, 1 = Issues found
The scanner outputs specific findings with file:line references. Review each finding in context.
Even if scanner passes:
# Quick prompt injection check
grep -ri "ignore.*instruction\|disregard.*previous\|system:\|assistant:" .Critical question: What does this unlock that I don't already have?
Compare to:
mcporter list)clawhub list)Skip if: Duplicates existing tools without significant improvement.
| Security | Utility | Decision |
|----------|---------|----------|
| ✅ Clean | 🔥 High | Install |
| ✅ Clean | ⚠️ Marginal | Consider (test first) |
| ⚠️ Issues | Any | Investigate findings |
| 🚨 Malicious | Any | Reject |
Monitor for unexpected behavior:
Remove and report if suspicious.
Generated Mar 1, 2026
A developer team wants to integrate third-party AI skills into their open-source platform. They use this skill to vet each skill's code for security vulnerabilities and ensure it doesn't introduce malicious behavior, protecting their users and maintaining trust.
A large corporation is evaluating AI skills for internal automation. They use this skill to scan for security risks like unauthorized network calls or file operations, ensuring compliance with IT policies before deployment across departments.
A university AI lab is setting up a safe environment for students to experiment with ClawHub skills. They use this skill to vet skills for utility and security, preventing exposure to harmful code while teaching practical AI integration.
A freelance developer is building a custom AI solution for a client and needs to vet third-party skills for functionality and safety. They use this skill to avoid duplicating tools and ensure the code aligns with project requirements without hidden risks.
A tech startup is rapidly prototyping an MVP using AI skills. They use this skill to quickly assess if a skill adds unique value over existing APIs and check for red flags like obfuscated code, saving time and reducing technical debt.
Offer a cloud-based service where users upload skill packages for automated vetting. Charge subscription fees based on scan volume, providing detailed reports and integration with CI/CD pipelines for continuous security monitoring.
Provide expert consulting services to organizations needing in-depth skill vetting. Offer one-time audits or ongoing support contracts, helping clients implement safe AI skill adoption and compliance with industry standards.
Partner with AI skill marketplaces to embed vetting as a premium feature. Earn revenue through licensing fees or commissions on vetted skills, ensuring only safe and useful tools are promoted to users.
💬 Integration Tip
Integrate the skill-vetting scanner into your CI/CD pipeline to automatically check new skills before deployment, ensuring continuous security without manual overhead.
Transform AI agents from task-followers into proactive partners that anticipate needs and continuously improve. Now with WAL Protocol, Working Buffer, Autonomous Crons, and battle-tested patterns. Part of the Hal Stack 🦞
Use the ClawdHub CLI to search, install, update, and publish agent skills from clawdhub.com. Use when you need to fetch new skills on the fly, sync installed skills to latest or a specific version, or publish new/updated skill folders with the npm-installed clawdhub CLI.
Clawdbot documentation expert with decision tree navigation, search scripts, doc fetching, version tracking, and config snippets for all Clawdbot features
Interact with Moltbook social network for AI agents. Post, reply, browse, and analyze engagement. Use when the user wants to engage with Moltbook, check their feed, reply to posts, or track their activity on the agent social network.
OpenClaw CLI wrapper — gateway, channels, models, agents, nodes, browser, memory, security, automation.
MoltGuard — runtime security plugin for OpenClaw agents by OpenGuardrails. Helps users install, register, activate, and check the status of MoltGuard. Use wh...