DiscordSign up
SKILLS.SH

clawhub-skill-vetting

Security-first vetting workflow for evaluating ClawHub skills before installation. Mandatory code review scanning for exfiltration, secrets access, eval/exec, and obfuscation across all files Six-step vetting process covering source reputation, permission scope, recent activity, community feedback, and safe installation practices Produces structured SKILL VETTING REPORT with go/no-go recommendation, confidence scoring, and explicit red flag callouts Includes reference checklist with commands, risk indicators, and sandbox installation guidance for uncertain cases

INSTALLATION
npx skills add https://github.com/hugomrtz/skill-vetting-clawhub --skill clawhub-skill-vetting
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

ClawHub Skill Vetting

Overview

Apply a strict, security‑first vetting workflow before installing any ClawHub skill. Prioritize code review, permission scope, domain listing, and risk scoring.

Workflow

  • Source check — author reputation, stars/downloads, last update, reviews.
  • Code review (MANDATORY) — scan all files for exfiltration, secrets access, eval/exec, obfuscation.
  • Permission scope — files, commands, network; confirm minimal scope.
  • Recent activity — detect suspicious bursts.
  • Community check — Discord/GitHub Discussions.
  • Install safely — sandbox + inspect permissions.

Reference

Use **references/vetting-guide.md** for the full checklist, commands, red flags, confidence scoring, and report template.

Output expectations

  • Produce the SKILL VETTING REPORT format.
  • Provide a go/no‑go recommendation with reasons.
  • If unclear, recommend sandbox install only or reject.
  • Call out any red flags explicitly.
  • Include a confidence score and threshold.
BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

azure-compliance
3/3

Azure compliance scanning, Key Vault expiration auditing, and resource configuration validation. Runs azqr (Azure Quick Review) for comprehensive compliance assessment against best practices across subscriptions and resource groups Monitors Key Vault keys, secrets, and certificates for expiration dates and identifies items without expiration policies Detects orphaned, misconfigured, and non-compliant resources using Resource Graph queries Classifies findings by priority (Critical, High, Medium, Low) with remediation guidance for each issue

Verified authormicrosoft
SKILLS.SH
293K1.1K
2026-05-22
openclaw-secure-linux-cloud
1/3

Use when self-hosting OpenClaw on a cloud server, hardening a remote OpenClaw gateway, choosing between SSH tunneling, Tailscale, or reverse-proxy exposure, or…

xixu-me
SKILLS.SH
150K53
2026-05-22
entra-agent-id
3/3

Provision Microsoft Entra Agent Identity Blueprints, BlueprintPrincipals, and per-instance Agent Identities via Microsoft Graph, and configure OAuth 2.0 token…

Verified authormicrosoft
SKILLS.SH
59.1K1.1K
2026-05-21
firebase-security-rules-auditor
3/3

A skill to evaluate how secure Firestore security rules are. Use this when Firestore security rules are updated to ensure that the generated rules are…

firebase
SKILLS.SH
23.5K292
2026-05-21

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card