skill-vetter
Security-first vetting protocol for AI agent skills. Detects red flags like credential theft, obfuscated code, and unauthorized data exfiltration before installation.
Introduction
The skill-vetter is a mandatory security-first protocol designed for developers and AI agent operators to perform comprehensive risk assessment on third-party skills before integrating them into their local environments. As the ecosystem for agentic workflows grows, the risk of malicious code, typosquatted packages, and credential harvesters increases. This skill provides a systematic framework to prevent unauthorized file system access, network exfiltration to unknown domains, and the execution of obfuscated or unsafe scripts. It is an essential safeguard for anyone utilizing platforms like ClawHub, GitHub repositories, or community-shared agent automation tools.
- Automated security audit: Detects dangerous patterns like exec/eval calls with user input, base64 obfuscation, and unauthorized network connections.
- Credential protection: Scans for attempts to access sensitive system files like ~/.ssh, ~/.aws, or environment configuration files.
- Risk classification engine: Provides a clear 🟢 LOW, 🟡 MEDIUM, 🔴 HIGH, and ⛔ EXTREME risk rating based on permissions and observed behavior.
- Structured reporting: Generates a standardized vetting report that summarizes the skill source, metrics, identified red flags, and required permissions.
- Source trust evaluation: Categorizes sources by trust level, helping agents decide between high-scrutiny and maximum-scrutiny vetting workflows.
- Permission scoping: Enforces the principle of least privilege by evaluating read/write access requirements and command execution scope.
- Ideal for use before installing any skill from external registries, GitHub, or unknown agents.
- Requires manual or automated code review to identify potential malicious intent beyond surface-level metadata.
- Supports integration with bash, jq, and clawhub tools for rapid inspection of repository contents and popularity metrics.
- Essential for environments handling sensitive data, API tokens, or high-privilege system operations.
- Recommended to always prioritize the 'Principle of Least Privilege' when evaluating skill scope and access rights.
Repository Stats
- Stars: 4,431
- Forks: 1,204
- Open Issues: 7
- Language: Python
- Default Branch: main
- Sync Status: Idle
- Last Synced: Apr 29, 2026, 08:40 AM