Editor's Note
clawhub-skill-vetting
Vet ClawHub skills before installation. Use when the user asks about evaluating, auditing, or safely installing OpenClaw/ClawHub skills, or when a skill’s trustworthiness is in question.
Install
npx skills add https://github.com/hugomrtz/skill-vetting-clawhub --skill clawhub-skill-vettingSKILL.md
ClawHub Skill Vetting
Overview
Apply a strict, security‑first vetting workflow before installing any ClawHub skill. Prioritize code review, permission scope, domain listing, and risk scoring.
Workflow
- Source check — author reputation, stars/downloads, last update, reviews.
- Code review (MANDATORY) — scan all files for exfiltration, secrets access,
eval/exec, obfuscation. - Permission scope — files, commands, network; confirm minimal scope.
- Recent activity — detect suspicious bursts.
- Community check — Discord/GitHub Discussions.
- Install safely — sandbox + inspect permissions.
Reference
Use references/vetting-guide.md for the full checklist, commands, red flags, confidence scoring, and report template.
Output expectations
- Produce the SKILL VETTING REPORT format.
- Provide a go/no‑go recommendation with reasons.
- If unclear, recommend sandbox install only or reject.
- Call out any red flags explicitly.
- Include a confidence score and threshold.
Installs1.5K
GitHub Stars4
AddedFeb 19, 2026
Related Security Skills
View allfind-skills
vercel-labs/skills
1.1M18.6k1.1M
vercel-react-best-practices
vercel-labs/agent-skills
320.4K26.6k320.4K
frontend-design
anthropics/skills
299.9K134.5k299.9K
web-design-guidelines
vercel-labs/agent-skills
256.2K26.6k256.2K
remotion-best-practices
remotion-dev/skills
243.3K3.2k243.3K
agent-browser
vercel-labs/agent-browser
186.7K33.1k186.7K