Security-first vetting protocol for AI agent skills. Never install a skill without vetting it first.

When to Use

• Before installing any skill from ClawdHub
• Before running skills from GitHub repos
• When evaluating skills shared by other agents
• Anytime you're asked to install unknown code

Vetting Protocol

Step 1: Source Check

Questions to answer:
[ ] Where did this skill come from?
[ ] Is the author known/reputable?
[ ] How many downloads/stars does it have?
[ ] When was it last updated?
[ ] Are there reviews from other agents?

Step 2: Code Review (MANDATORY)

Read ALL files in the skill. Check for these RED FLAGS:

🚨 REJECT IMMEDIATELY IF YOU SEE:
─────────────────────────────────────────
• curl/wget to unknown URLs
• Sends data to external servers
• Requests credentials/tokens/API keys
• Reads ~/.ssh, ~/.aws, ~/.config without clear reason
• Accesses MEMORY.md, USER.md, SOUL.md, IDENTITY.md
• Uses base64 decode on anything
• Uses eval() or exec() with external input
• Modifies system files outside workspace
• Installs packages without listing them
• Network calls to IPs instead of domains
• Obfuscated code (compressed, encoded, minified)
• Requests elevated/sudo permissions
• Accesses browser cookies/sessions
• Touches credential files
─────────────────────────────────────────

Step 3: Permission Scope

Evaluate:
[ ] What files does it need to read?
[ ] What files does it need to write?
[ ] What commands does it run?
[ ] Does it need network access? To where?
[ ] Is the scope minimal for its stated purpose?

Step 4: Risk Classification

Output Format

After vetting, produce this report:

SKILL VETTING REPORT
═══════════════════════════════════════
Skill: [name]
Source: [ClawdHub / GitHub / other]
Author: [username]
Version: [version]
───────────────────────────────────────
METRICS:
• Downloads/Stars: [count]
• Last Updated: [date]
• Files Reviewed: [count]
───────────────────────────────────────
RED FLAGS: [None / List them]
PERMISSIONS NEEDED:
• Files: [list or "None"]
• Network: [list or "None"]  
• Commands: [list or "None"]
───────────────────────────────────────
RISK LEVEL: [🟢 LOW / 🟡 MEDIUM / 🔴 HIGH / ⛔ EXTREME]
VERDICT: [✅ SAFE TO INSTALL / ⚠️ INSTALL WITH CAUTION / ❌ DO NOT INSTALL]
NOTES: [Any observations]
═══════════════════════════════════════

Quick Vet Commands

For GitHub-hosted skills:

# Check repo stats
curl -s "https://api.github.com/repos/OWNER/REPO" | jq '{stars: .stargazers_count, forks: .forks_count, updated: .updated_at}'
# List skill files
curl -s "https://api.github.com/repos/OWNER/REPO/contents/skills/SKILL_NAME" | jq '.[].name'
# Fetch and review SKILL.md
curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/skills/SKILL_NAME/SKILL.md"

Trust Hierarchy

• Official OpenClaw skills → Lower scrutiny (still review)
• High-star repos (1000+) → Moderate scrutiny
• Known authors → Moderate scrutiny
• New/unknown sources → Maximum scrutiny
• Skills requesting credentials → Human approval always

Remember

• No skill is worth compromising security
• When in doubt, don't install
• Ask your human for high-risk decisions
• Document what you vet for future reference

Paranoia is a feature. 🔒🦀