clawhub-skill-vetting
Installation
SKILL.md
ClawHub Skill Vetting
Overview
Apply a strict, security‑first vetting workflow before installing any ClawHub skill. Prioritize code review, permission scope, domain listing, and risk scoring.
Workflow
- Source check — author reputation, stars/downloads, last update, reviews.
- Code review (MANDATORY) — scan all files for exfiltration, secrets access,
eval/exec, obfuscation. - Permission scope — files, commands, network; confirm minimal scope.
- Recent activity — detect suspicious bursts.
- Community check — Discord/GitHub Discussions.
- Install safely — sandbox + inspect permissions.
Reference
Use references/vetting-guide.md for the full checklist, commands, red flags, confidence scoring, and report template.