HIIC-skill-vetter

Practical skill vetting workflow for AI agents. Prioritizes clear yes/no risk judgments, concise conclusions, and business-aware risk tolerance before installing a skill.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "HIIC-skill-vetter" with this command: npx skills add waytobetter619/hiic-skill-vetter

HIIC Skill Vetter

A practical, business-aware vetting workflow for OpenClaw skills.

Goal: give a short, clear conclusion about whether a skill is safe to use, without over-penalizing normal capabilities like external API access, scheduled tasks, screenshots, or documented platform credentials.

When to Use

Use this skill when:

  • the user asks whether a skill is safe
  • the user wants a quick vet before installing a skill
  • the user wants a concise risk conclusion instead of a long report
  • the user wants a portfolio-wide skill review

Core Policy

Default stance

A skill is considered safe by default unless there is evidence of one of the following:

  • privilege escalation
  • hidden or unrelated sensitive-data access
  • hidden external exfiltration
  • dynamic execution of untrusted input
  • obvious behavior beyond the claimed scope

Important calibration rules

The following do not automatically make a skill unsafe:

  • documented external API access
  • reading .env, tokens, cookies, or API keys that are clearly required for the skill's purpose
  • cron / session / service / screenshot / browser state features
  • package installation steps that are explicit and relevant
  • platform/account integration when it is the point of the skill

These should usually be treated as:

  • normal capability, or
  • caution item, not rejection

Judgment Standard

Output should be short and explicit.

Use this format:

SKILL VETTING REPORT
═══════════════════════════════════════
Skill: [name]
Source: [local / GitHub / ClawHub / other]
───────────────────────────────────────
RISKS:
• External Access: [Yes / No]
• Sensitive Access: [Yes / No / Required for stated purpose]
• Dynamic Execution: [Yes / No]
• Privilege Escalation: [Yes / No]
• Scope Mismatch: [Yes / No]
───────────────────────────────────────
RISK LEVEL: [🟢 LOW / 🟡 MEDIUM / 🟠 HIGH]
VERDICT: [✅ SAFE TO INSTALL / ⚠️ INSTALL WITH CAUTION / 🛑 HUMAN REVIEW RECOMMENDED]
NOTES: [1-3 short lines]
═══════════════════════════════════════

Keep the conclusion concise. Do not generate a long audit unless the user explicitly asks.

Decision Rules

✅ SAFE TO INSTALL

Use when:

  • no privilege escalation found
  • no suspicious unrelated sensitive access found
  • no hidden exfiltration found
  • behavior matches the skill's stated purpose

Typical examples:

  • weather skills
  • summarizers
  • search tools
  • GitHub helpers
  • browser helpers
  • document tools

⚠️ INSTALL WITH CAUTION

Use when:

  • the skill touches accounts, cookies, cloud resources, tokens, or publishing flows
  • but that access is clearly related to the skill's purpose
  • and there is no evidence of malicious or hidden behavior

Typical examples:

  • social publishing tools
  • cloud storage tools
  • document platform integrations
  • account-bound automation tools

🛑 HUMAN REVIEW RECOMMENDED

Use when:

  • there is real ambiguity about scope
  • or the skill reads sensitive material not clearly required
  • or the skill contains dynamic execution, suspicious remote behavior, or unclear hidden logic

Do not use this level just because a skill uses tokens, APIs, cron, screenshots, or service config for legitimate reasons.

What Actually Counts as High Risk

Treat these as strong warning signals:

  • sudo, privileged system modification, or elevated install requirements
  • eval, exec, bash -c, sh -c, subprocess execution with untrusted input
  • reading unrelated secrets or private files without business justification
  • hidden telemetry or undocumented outbound endpoints
  • obvious mismatch between claim and implementation
  • encoded/obfuscated payloads tied to execution or exfiltration

Practical Review Workflow

  1. Read SKILL.md
  2. Review helper scripts and config
  3. Identify whether sensitive/platform access is required for the stated purpose
  4. Look for actual high-risk behavior
  5. Return a short conclusion

If a repeatable scan helps, use:

python3 vet_scan.py <skill-dir>
python3 vet_scan.py <skill-dir> --format json

Review Philosophy

  • Business-required permissions are not automatic red flags.
  • A platform integration skill will naturally touch platform credentials.
  • A browser automation skill will naturally touch cookies/session state.
  • A cloud skill will naturally touch API keys and remote resources.
  • The question is not “does it have permissions?”
  • The question is: “does it use those permissions in a way that is expected, explicit, and limited to its purpose?”

Remember

Aim for good judgment, not paranoia theater.

If there is no concrete sign of malicious or over-scoped behavior, do not overcall risk.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Automation

Notion

Notion integration. Manage project management and document management data, records, and workflows. Use when the user wants to interact with Notion data.

Registry SourceRecently Updated
930membranedev
Automation

Mailchimp

Mailchimp integration. Manage marketing automation data, records, and workflows. Use when the user wants to interact with Mailchimp data.

Registry SourceRecently Updated
1050membranedev
Automation

Keap

Keap integration. Manage crm and marketing automation and sales data, records, and workflows. Use when the user wants to interact with Keap data.

Registry SourceRecently Updated
1010membranedev
Automation

Spikecv Helper

Help AI Agents answer questions and execute tasks for SpikeCV, an ultra-high-speed spike camera vision framework. Use when the user asks about spike cameras,...

Registry SourceRecently Updated
802lhs183019