skill-vetter
Skill from useai-pro/openclaw-skills-security
Security-first skills for the OpenClaw ecosystem providing skill auditing (typosquatting, permissions, prompt injection detection) and environment setup auditing (credential leaks, unsafe defaults, missing sandbox).
Overview
Security-first skills for the OpenClaw ecosystem that audit agent skills and environment setups for security vulnerabilities. Includes a skill-auditor for vetting third-party skills and a setup-auditor for checking workspace security, covering everything from typosquatting detection to credential leak scanning.
Key Features
- Skill auditing: Detects typosquatting and naming anomalies, dangerous permission combinations (network + shell), dependency supply chain attacks (install hooks, obfuscation), and prompt injection patterns (role hijacking, hidden instructions)
- Network exfiltration detection: Identifies suspicious endpoints, DNS tunneling, and data exfiltration via headers
- Setup auditing: Scans for exposed secrets (.env, keys, tokens with regex patterns), config hardening issues, sandbox readiness (Docker, resource limits), and persistence indicators (.bashrc, cron, git hooks)
- Content red flags: Catches credential paths, encoded commands, sudo usage, and other suspicious patterns
- Threat coverage matrix: Documentation mapping which checks catch which specific attack types
- Incident response playbook: Guidance on what to do if a compromise is detected
Who is this for?
Developers and security teams using OpenClaw or any agent skill ecosystem who want to vet third-party skills before installation. Essential for anyone concerned about supply chain attacks, prompt injection, or credential exposure in their AI agent environment.
Same repository
useai-pro/openclaw-skills-security (13 items)
Installation
npx vibeindex add useai-pro/openclaw-skills-security --skill skill-vetter
npx skills add useai-pro/openclaw-skills-security --skill skill-vetter
~/.claude/skills/skill-vetter/SKILL.md
More from this repository (10)
A security-first skill that audits any SKILL.md before installation, checking for typosquatting, unsafe permissions, prompt injection, supply chain risks, and data exfiltration attempts.
A security-first skill for the OpenClaw ecosystem that audits SKILL.md files before installation, checking for typosquatting, permission issues, prompt injection, supply chain risks, and data exfiltration threats.
A Claude Code skill for hardening configurations as part of the OpenClaw security skills ecosystem, providing security auditing capabilities alongside specialized reusable security check modules.
An OpenClaw security skill that scans for credential leaks and hardcoded secrets in code, part of the UseAI.pro security-first skills collection.
An OpenClaw security skill that audits file and system permissions to detect overly permissive access configurations.
An OpenClaw security skill that sanitizes agent outputs to prevent data exfiltration and information leakage.
An OpenClaw security skill that audits project dependencies for known vulnerabilities and supply chain risks.
An OpenClaw security skill that monitors network activity and detects suspicious outbound connections from agent operations.
An OpenClaw security skill for automated security incident response, providing structured playbooks for handling security events.
A prompt guard skill from the OpenClaw security skills collection that audits SKILL.md files and environments for typosquatting, permissions issues, prompt injection, supply chain risks, and credential leaks.