vetter▌

Security-first vetting protocol for AI agent skills. Never install a skill without vetting it first.

Security gate that scans skills for malicious code, vulnerabilities, and suspicious patterns before installation. \n \n Runs four integrated scanners: aguara (prompt injection detection), skill-analyzer (malicious patterns and CVE database), secrets-scan (hardcoded credentials), and structure-check (malformed files and dangerous configurations) \n Accepts ClawHub skill names, GitHub URLs, or local paths as input and returns a three-tier verdict: BLOCKED (critical/high findings), REVIEW (medium f

Pre-install security vetting for OpenClaw skills using a structured red-flag checklist. \n \n Evaluates metadata, permission scope, and content against critical, warning, and informational risk categories \n Detects typosquatting, credential file references, obfuscated content, and command injection patterns \n Flags high-risk permission combinations like network + shell that enable data exfiltration \n Produces a standardized vetting report with verdict (Safe/Warning/Danger/Block) and install r