clawhub-skill-vetting

Vet ClawHub skills before installation. Use when the user asks about evaluating, auditing, or safely installing OpenClaw/ClawHub skills, or when a skill’s trustworthiness is in question.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "clawhub-skill-vetting" with this command: npx skills add hugomrtz/skill-vetting-clawhub/hugomrtz-skill-vetting-clawhub-clawhub-skill-vetting

ClawHub Skill Vetting

Overview

Apply a strict, security‑first vetting workflow before installing any ClawHub skill. Prioritize code review, permission scope, domain listing, and risk scoring.

Workflow

  1. Source check — author reputation, stars/downloads, last update, reviews.
  2. Code review (MANDATORY) — scan all files for exfiltration, secrets access, eval/exec, obfuscation.
  3. Permission scope — files, commands, network; confirm minimal scope.
  4. Recent activity — detect suspicious bursts.
  5. Community check — Discord/GitHub Discussions.
  6. Install safely — sandbox + inspect permissions.

Reference

Use references/vetting-guide.md for the full checklist, commands, red flags, confidence scoring, and report template.

Output expectations

  • Produce the SKILL VETTING REPORT format.
  • Provide a go/no‑go recommendation with reasons.
  • If unclear, recommend sandbox install only or reject.
  • Call out any red flags explicitly.
  • Include a confidence score and threshold.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

notion-cli-mcp

Notion via notion-cli — a Rust CLI + MCP server for Notion API 2025-09-03+. Three-tier agent integration (read-only default, opt-in runtime writes, opt-in admin lifecycle) with rate limiting, response-size cap, untrusted-source output envelope, per-tier JSONL audit logs, and --check-request dry-runs. Supports the new data-source model, 22 property types, 12 block types, admin schema mutation, relation wiring, dedicated page-move endpoint, db update, and users me (v0.4).

Archived SourceRecently Updated
--0xarkstar
Security

agentguard

GoPlus AgentGuard — AI agent security guard. Run /agentguard checkup for a full security health check, scans all installed skills, checks credentials, permissions, and network exposure, then delivers an HTML report directly to you. Also use for scanning third-party code, blocking dangerous commands, preventing data leaks, evaluating action safety, and running daily security patrols.

Archived SourceRecently Updated
--GoPlusSecurity
Security

fire-smoke-detection-analysis

Detects fire and smoke in video scenes. Supports both video stream and image analysis. Suitable for fire early warning scenarios such as security surveillance, forest fire prevention, and industrial parks. | 烟火检测技能,对视频场景中火情和烟雾进行检测,支持视频流和图片检测,适用于安防监控、森林防火、工业园区等火灾预警场景

Archived SourceRecently Updated
--18072937735
Security

basic-object-detection-analysis

Detects people, vehicles, non-motorized vehicles, pets, and parcels appearing in the target area. Supports video stream and image detection, suitable for general security surveillance scenarios. | 基础目标检测技能,检测出目标区域内出现的人、车、非机动车、宠物、包裹,支持视频流和图片检测,适用于通用安防监控场景

Archived SourceRecently Updated
--18072937735