clawhub-skill-vetting
SKILL.md
ClawHub Skill Vetting
Overview
Apply a strict, security‑first vetting workflow before installing any ClawHub skill. Prioritize code review, permission scope, domain listing, and risk scoring.
Workflow
- Source check — author reputation, stars/downloads, last update, reviews.
- Code review (MANDATORY) — scan all files for exfiltration, secrets access,
eval/exec, obfuscation. - Permission scope — files, commands, network; confirm minimal scope.
- Recent activity — detect suspicious bursts.
- Community check — Discord/GitHub Discussions.
- Install safely — sandbox + inspect permissions.
Reference
Use references/vetting-guide.md for the full checklist, commands, red flags, confidence scoring, and report template.
Output expectations
- Produce the SKILL VETTING REPORT format.
- Provide a go/no‑go recommendation with reasons.
- If unclear, recommend sandbox install only or reject.
- Call out any red flags explicitly.
- Include a confidence score and threshold.
Weekly Installs
1.1K
Repository
hugomrtz/skill-…-clawhubGitHub Stars
4
First Seen
Feb 27, 2026
Security Audits
Installed on
codex1.0K
opencode1.0K
gemini-cli1.0K
cursor1.0K
amp1.0K
github-copilot1.0K