Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Security Analysis
High confidence: An instruction-only vetting checklist that is internally consistent with its stated purpose and requests no credentials or installs; a minor metadata provenance inconsistency is worth checking before trusting it blindly.
The skill's name, description, and SKILL.md all describe a vetting checklist and the instructions align with that purpose. It is instruction-only and does not request binaries, env vars, or installs. Note: the registry metadata Owner ID (kn78...) differs from the _meta.json ownerId (kn71...), which is a provenance inconsistency worth verifying.
The SKILL.md explicitly instructs the agent to 'Read ALL files in the skill' and to run network queries (curl to GitHub APIs) to gather repo info. Those actions are appropriate for a vetting skill, but they require the agent to have file and network access limited to the target repo/workspace; if the agent's file read scope is broader, these instructions could cause wider data exposure. The instructions themselves do not ask the agent to exfiltrate data or access unrelated credentials.
No install spec and no code files are present (instruction-only). This minimizes risk from arbitrary downloads or disk writes.
The skill declares no environment variables, credentials, or config paths. The SKILL.md advises rejecting skills that request credentials or access to credential files, which is consistent with a security-focused vetter.
The 'always' flag is false, and the skill does not request persistent presence or modification of other skills or global agent settings. Autonomous invocation is allowed (platform default) but not excessive for this use case.
Guidance
This skill is coherent and appears safe to use as a checklist. Before relying on it: (1) Verify the skill's provenance — the ownerId in the included _meta.json does not match the registry Owner ID provided to you; confirm which is authoritative. (2) Ensure your agent's file read scope is limited to the skill repository/workspace so 'read all files' cannot access unrelated private data (SSH keys, AWS creds, etc.). (3) If you allow the skill to run network queries, prefer read-only API calls and inspect the exact curl endpoints it will call. (4) Use this vetter as an aid, not a substitute for human review on high-risk skills.
Latest Release
v1.0.0
Initial release of Skill Vetter: a security-first vetting guide for AI agent skills.
- Outlines a step-by-step protocol to check source, code, permissions, and risk level before installing any skill.
- Lists clear red flags to reject (e.g., credential access, suspicious network calls, use of eval/exec).
- Provides a detailed vetting report template for consistent reviews.
- Includes practical commands for vetting GitHub-hosted skills.
- Highlights trust hierarchy and best practices for skill installation security.
Published by @h-harry on ClawHub