📦 Skill Vetter — 安装前安检

Name: Skill Vetter — 安装前安检
Rating: 24

v1.0.0

安装任意 AI 智能体技能前的安全审查协议，自动侦测凭证窃取、混淆代码、数据渗出等高危行为，并给出 L 级风险分级与处置建议，保障系统与数据安全。

24· 1.8万·193 当前·202 累计

by @donovanpankratz-del (dp-del)

安全智能体开发工具自动化测试工具

下载技能包

最后更新

2026/2/26

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

high confidence

NULL

评估建议

This skill is an instruction-only vetting checklist that uses curl/jq to inspect repos and produce reports — its declared requirements match its purpose. Before using it: (1) ensure the agent confines its file reads to the skill workspace (not your home dir), (2) avoid running package manager install hooks when downloading code (download raw archives or clone the repo rather than executing installers), and (3) remember automated vetting can't catch every malicious behavior — follow the checklist...

详细分析 ▾

✓ 用途与能力

Name/description (pre-install vetting) align with what the skill requires: only curl and jq for GitHub/HTTP checks. No credentials, no unusual binaries or filesystem paths are requested.

ℹ 指令范围

SKILL.md instructs the agent to inspect a skill's files, repo metadata, and make network queries to GitHub or ClawHub—these actions are coherent with vetting. One minor ambiguity: 'Read ALL files in the skill' should be interpreted as files in the downloaded skill workspace, not arbitrary system files; the docs largely imply workspace-scoped checks. The Quick Vet Commands suggest running 'clawhub install' into a temp dir—be cautious because some package/install tooling can run install hooks even during install.

✓ 安装机制

This is instruction-only with no install spec or archives to download. That minimizes on-disk/automatic execution risk. Required binaries (curl, jq) are standard and proportional.

✓ 凭证需求

No environment variables or credentials are requested. The skill's checks explicitly flag access to ~/.ssh, ~/.aws, browser cookies, etc., as red flags rather than asking for them.

✓ 持久化与权限

always is false and the skill does not request persistent system presence or elevated privileges. It does not modify other skills' configurations.

安全有层次，运行前请审查代码。

运行时依赖

🖥️ OSLinux · macOS · Windows

版本

latestv1.0.02026/2/25

NULL

● 无害

安装命令

点击复制

官方npx clawhub@latest install openclaw-skill-vetter

镜像加速npx clawhub@latest install openclaw-skill-vetter --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库