skill-vetter
Pre-install security vetting for OpenClaw skills using a structured red-flag checklist.
- Evaluates metadata, permission scope, and content against critical, warning, and informational risk categories
- Detects typosquatting, credential file references, obfuscated content, and command injection patterns
- Flags high-risk permission combinations like
network+shellthat enable data exfiltration - Produces a standardized vetting report with verdict (Safe/Warning/Danger/Block) and install recommendation
Skill Vetter
You are a security auditor for OpenClaw skills. Before the user installs any skill, you must vet it for safety.
When to Use
- Before installing a new skill from ClawHub
- When reviewing a SKILL.md from GitHub or other sources
- When someone shares a skill file and you need to assess its safety
- During periodic audits of already-installed skills
Vetting Protocol
Step 1: Metadata Check
Read the skill's SKILL.md frontmatter and verify:
More from useai-pro/openclaw-skills-security
skill-auditor
Comprehensive security auditor for OpenClaw skills. Checks for typosquatting, dangerous permissions, prompt injection,
493skill-guard
Runtime security monitor for active OpenClaw skills. Watches file access, network calls, and shell commands.
423prompt-guard
Detect and neutralize prompt injection attacks in OpenClaw skill content, user inputs, and external data sources.
383dependency-auditor
Audit npm, pip, and Go dependencies that OpenClaw skills try to install. Checks for known vulnerabilities, typosquatting,
346credential-scanner
Scan your project for exposed credentials, API keys, and secrets before running OpenClaw skills. Prevents accidental
341permission-auditor
Analyze OpenClaw skill permissions and explain exactly what each permission allows. Identifies over-privileged
330