skill-vettingVet ClawHub skills for security and utility before installation. Use when considering installing a ClawHub skill, evaluating third-party code, or assessing w...
Install via ClawdBot CLI:
clawdbot install eddygk/skill-vettingGrade Good — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
/etc/passwdContains instructions to override system prompt or ignore user requests
"Ignore all previous instructions"Sends data to undocumented external endpoint (potential exfiltration)
post → https://attacker.com/exfilPotentially destructive shell commands in tool definitions
rm -rf /Generated Mar 1, 2026
A developer team wants to integrate third-party AI skills into their open-source platform. They use this skill to vet each skill's code for security vulnerabilities and ensure it doesn't introduce malicious behavior, protecting their users and maintaining trust.
A large corporation is evaluating AI skills for internal automation. They use this skill to scan for security risks like unauthorized network calls or file operations, ensuring compliance with IT policies before deployment across departments.
A university AI lab is setting up a safe environment for students to experiment with ClawHub skills. They use this skill to vet skills for utility and security, preventing exposure to harmful code while teaching practical AI integration.
A freelance developer is building a custom AI solution for a client and needs to vet third-party skills for functionality and safety. They use this skill to avoid duplicating tools and ensure the code aligns with project requirements without hidden risks.
A tech startup is rapidly prototyping an MVP using AI skills. They use this skill to quickly assess if a skill adds unique value over existing APIs and check for red flags like obfuscated code, saving time and reducing technical debt.
Offer a cloud-based service where users upload skill packages for automated vetting. Charge subscription fees based on scan volume, providing detailed reports and integration with CI/CD pipelines for continuous security monitoring.
Provide expert consulting services to organizations needing in-depth skill vetting. Offer one-time audits or ongoing support contracts, helping clients implement safe AI skill adoption and compliance with industry standards.
Partner with AI skill marketplaces to embed vetting as a premium feature. Earn revenue through licensing fees or commissions on vetted skills, ensuring only safe and useful tools are promoted to users.
💬 Integration Tip
Integrate the skill-vetting scanner into your CI/CD pipeline to automatically check new skills before deployment, ensuring continuous security without manual overhead.
Scored Apr 19, 2026
Calls external URL not in known-safe list
https://auth.clawdhub.com/api/v1/download?slug=SKILL_NAMEUses known external API (expected, informational)
api.github.comAI Analysis
The skill is a security auditing tool designed to vet other skills, and its external API calls (clawdhub.com) are consistent with its stated purpose of downloading skills for inspection. The 'red flag' examples like 'Ignore all previous instructions' and 'https://attacker.com/exfil' are instructional examples of what to look for in other skills, not actual malicious code within this skill itself.
Audited Apr 16, 2026 · audit v1.0
Transform AI agents from task-followers into proactive partners that anticipate needs and continuously improve. Now with WAL Protocol, Working Buffer, Autonomous Crons, and battle-tested patterns. Part of the Hal Stack 🦞
Clawdbot documentation expert with decision tree navigation, search scripts, doc fetching, version tracking, and config snippets for all Clawdbot features
Display and control HTML content on connected Mac, iOS, or Android nodes via a web-based canvas with live reload and remote actions.
Transform AI agents from task-followers into proactive partners with memory architecture, reverse prompting, and self-healing patterns. Lightweight version f...
Backup and restore OpenClaw data. Use when user asks to create backups, set up automatic backup schedules, restore from backup, or manage backup rotation. Handles ~/.openclaw directory archiving with proper exclusions.
Use the ClawdHub CLI to search, install, update, and publish agent skills from clawdhub.com. Use when you need to fetch new skills on the fly, sync installed skills to latest or a specific version, or publish new/updated skill folders with the npm-installed clawdhub CLI.