Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Why this rating
Deterministic checks triggered by the tool capabilities and evidence.
- Locality: Hybrid
  Uses GitHub API and raw content endpoints to inspect remote skill sources.
- Data access: Public
  Focuses on repository metadata and skill files from source control.
- Action surface: Read
  Returns risk classification and install verdict without performing installation.
Best practices
Follow these steps to reduce risk when using this skill.
- Pin vetting results to a specific commit hash before installation.
- Require human approval for HIGH or EXTREME risk classifications.
- Re-run vetting whenever the upstream skill version changes.
Evidence links
Public sources backing the indicator assignments.
Max-risk rule
If any capability reaches a higher level, the entire indicator is raised to that level, which keeps ratings deterministic and easy to scan.