
Skill Vetter — Multi-scanner Security Gate
from skill-vetter
Runs multiple static and heuristic scanners against incoming skills before installation; detects prompt injection, secrets, and known malicious patterns and rep
What it does
Skill Vetter is a security gate designed to scan AI agent skills before installation. It orchestrates multiple scanners (aguara, skill-analyzer, secrets-scan, structure-check) to detect prompt injection, obfuscated code, hardcoded secrets, malformed SKILL.md, and other risky patterns. The skill produces a clear verdict (BLOCKED / REVIEW / SAFE) and a human-readable report that lists which scanners ran and their findings.
When to use it
Invoke this skill whenever a user proposes installing or adding a third-party skill from ClawHub, GitHub, or any external source. It is intended as a manual pre-install check: run Skill Vetter before installation and always review the findings before proceeding.
What's included
- Scripts: the repository documents two scanning scripts (check-deps.sh, vett.sh), though neither appeared in the fetched sibling_files metadata
- References: scanners referenced (aguara, skill-analyzer, secrets-scan, structure-check) and example output formatting
- Instructions: how to run dependency checks and the full scan command, plus interpretation guidance for PASS/REVIEW/BLOCKED verdicts
Compatible agents
Security-focused agents and installation workflows (OpenClaw installers, Claude Code with secure runtimes, or CI hooks) that need to vet skill packages prior to automated install.
Information
- Repository: skill-vetter
- Stars: 17
- Installs: 0