clawhub-skill-vetting
Security-first vetting workflow for evaluating ClawHub skills before installation.
Works with
What it does
Mandatory code review scanning for exfiltration, secrets access, eval/exec, and obfuscation across all files
Six-step vetting process covering source reputation, permission scope, recent activity, community feedback, and safe installation practices
Produces structured SKILL VETTING REPORT with go/no-go recommendation, confidence scoring, and explicit red flag callouts
Includes reference checklist wi
Installation Guide
How to use clawhub-skill-vetting on Cursor
AI-first code editor with Composer
Prerequisites
Before installing skills in Cursor, ensure your development environment meets these requirements:
- βΊCursor installed and configured on your machine
- βΊNode.js 16+ with npm β verify with
node --version - βΊActive project directory where you want to add
clawhub-skill-vetting
Run the install command
Execute the skills CLI command in your project's root directory to begin installation:
Fetches clawhub-skill-vetting from hugomrtz/skill-vetting-clawhub and configures it for Cursor.
Select Cursor when prompted
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Verify installation
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate clawhub-skill-vetting. Access via /clawhub-skill-vetting in your agent's command palette.
Security Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Documentation
ClawHub Skill Vetting
Overview
Apply a strict, securityβfirst vetting workflow before installing any ClawHub skill. Prioritize code review, permission scope, domain listing, and risk scoring.
Workflow
- Source check β author reputation, stars/downloads, last update, reviews.
- Code review (MANDATORY) β scan all files for exfiltration, secrets access,
eval/exec, obfuscation. - Permission scope β files, commands, network; confirm minimal scope.
- Recent activity β detect suspicious bursts.
- Community check β Discord/GitHub Discussions.
- Install safely β sandbox + inspect permissions.
Reference
Use references/vetting-guide.md for the full checklist, commands, red flags, confidence scoring, and report template.
Output expectations
- Produce the SKILL VETTING REPORT format.
- Provide a go/noβgo recommendation with reasons.
- If unclear, recommend sandbox install only or reject.
- Call out any red flags explicitly.
- Include a confidence score and threshold.
List & Monetize Your Skill
Submit your Claude Code skill and start earning
Use Cases
User Story & Requirements Generation
Create detailed user stories, acceptance criteria, and feature specs
Example
Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios
Reduce spec writing time by 50%, ensure comprehensive coverage
Competitive Analysis
Research competitors, compare features, identify gaps
Example
Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities
Complete competitive research in 2 hours instead of 2 days
Roadmap Prioritization
Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs
Example
Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale