Home/HR 与招聘/clawhub-skill-vetting
C

clawhub-skill-vetting

by @hugomrtzv
4.6(3)

Execute a strict security-first vetting process before installing ClawHub skills, prioritizing code review, permission scope, and domain listing.

Skill AssessmentHR TechCandidate ScreeningTechnical InterviewsGitHub
Installation
npx skills add hugomrtz/skill-vetting-clawhub --skill clawhub-skill-vetting
compare_arrows

Before / After Comparison

1
Before

Before installing new AI skills, manually conducting code reviews, permission assessments, and risk scoring is a time-consuming process prone to overlooking security vulnerabilities, especially when dealing with a large number of skills.

After

ClawHub's skill review enforces a strict, security-first review workflow, automating code scanning (detecting data leaks, secret access, etc.), permission scope assessment, and risk scoring, significantly improving the efficiency and reliability of AI skill security reviews.

description SKILL.md

clawhub-skill-vetting

ClawHub Skill Vetting

Overview

Apply a strict, security‑first vetting workflow before installing any ClawHub skill. Prioritize code review, permission scope, domain listing, and risk scoring.

Workflow

  • Source check — author reputation, stars/downloads, last update, reviews.

  • Code review (MANDATORY) — scan all files for exfiltration, secrets access, eval/exec, obfuscation.

  • Permission scope — files, commands, network; confirm minimal scope.

  • Recent activity — detect suspicious bursts.

  • Community check — Discord/GitHub Discussions.

  • Install safely — sandbox + inspect permissions.

Reference

Use references/vetting-guide.md for the full checklist, commands, red flags, confidence scoring, and report template.

Output expectations

  • Produce the SKILL VETTING REPORT format.

  • Provide a go/no‑go recommendation with reasons.

  • If unclear, recommend sandbox install only or reject.

  • Call out any red flags explicitly.

  • Include a confidence score and threshold.

Weekly Installs1.1KRepositoryhugomrtz/skill-…-clawhubGitHub Stars4First SeenFeb 27, 2026Security AuditsGen Agent Trust HubPassSocketPassSnykWarnInstalled oncodex1.1Kopencode1.1Kgemini-cli1.1Kcursor1.1Kamp1.1Kgithub-copilot1.1K

forumUser Reviews (0)

Write a Review

Effect
Usability
Docs
Compatibility

No reviews yet

Statistics

Installs200
Rating4.6 / 5.0
Version
Updated2026年3月17日
Comparisons1

User Rating

4.6(3)
5
0%
4
0%
3
0%
2
0%
1
0%

Rate this Skill

0.0

Compatible Platforms

🔧Claude Code
🔧OpenClaw
🔧OpenCode
🔧Codex
🔧Gemini CLI
🔧GitHub Copilot
🔧Amp
🔧Kimi CLI

Timeline

Created2026年3月17日
Last Updated2026年3月17日