{
  "schemaVersion": "1.0",
  "item": {
    "slug": "skill-vettr",
    "name": "Skill Vettr",
    "source": "tencent",
    "type": "skill",
    "category": "Security & Compliance",
    "sourceUrl": "https://clawhub.ai/britrik/skill-vettr",
    "canonicalUrl": "https://clawhub.ai/britrik/skill-vettr",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/skill-vettr",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-vettr",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      ".gitignore",
      "package-lock.json",
      "package.json",
      "readme.md",
      "skill.md",
      "tsconfig.json"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/skill-vettr"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/skill-vettr",
    "agentPageUrl": "https://openagent3.xyz/skills/skill-vettr/agent",
    "manifestUrl": "https://openagent3.xyz/skills/skill-vettr/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/skill-vettr/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "skill-vettr v2.0.3",
        "body": "Security scanner for third-party OpenClaw skills. Analyses source code, dependencies, and metadata before installation using tree-sitter AST parsing and regex pattern matching."
      },
      {
        "title": "Installation",
        "body": "npm install\n\nThis installs all Node.js dependencies, including tree-sitter .wasm grammar files required at runtime for AST-based analysis. The .wasm files are located in node_modules and must be present for the skill to function.\n\n⚠️ Install safety: npm install runs dependency lifecycle scripts, which can execute arbitrary code. For stronger isolation, run npm ci --ignore-scripts — but note that tree-sitter native/WASM artifacts may not build, breaking AST analysis. Prefer installing inside a container or VM when possible."
      },
      {
        "title": "External Binaries",
        "body": "The vet-url and vet-clawhub commands invoke external binaries via execSafe (which uses execFile — no shell is spawned). Only the following commands are permitted:\n\nBinary\tUsed By\tPurpose\ngit\tvet-url\tClone .git URLs (with hooks disabled)\ncurl\tvet-url\tDownload archive URLs\ntar\tvet-url\tExtract downloaded archives\nclawhub\tvet-clawhub\tFetch skills from ClawHub registry\n\nThe /skill:vet command (local path vetting) requires only node and no external binaries."
      },
      {
        "title": "Commands",
        "body": "/skill:vet --path <directory> — Vet a local skill directory\n/skill:vet-url --url <https://...> — Download and vet from URL\n/skill:vet-clawhub --skill <slug> — Fetch and vet from ClawHub"
      },
      {
        "title": "Detection Categories",
        "body": "Category\tMethod\tExamples\nCode execution\tAST\teval(), new Function(), vm.runInThisContext()\nShell injection\tAST\texec(), execSync(), spawn(\"bash\"), child_process imports\nDynamic require\tAST\trequire(variable), require(templateString)\nPrototype pollution\tAST\t__proto__ assignment\nPrompt injection\tRegex\tInstruction override patterns, control tokens (in string literals)\nHomoglyph attacks\tRegex\tCyrillic/Greek lookalike characters in identifiers\nEncoded names\tRegex\tUnicode/hex-escaped \"eval\", \"exec\"\nCredential paths\tRegex\tCloud and SSH credential directory references, system credential store access\nNetwork calls\tAST\tfetch() with literal URLs (checked against allowlist)\nMalicious deps\tConfig\tKnown bad packages, lifecycle scripts, git/http deps\nTyposquatting\tLevenshtein\tSkill names within edit distance 2 of targets\nDangerous permissions\tConfig\tshell:exec, credentials:read in SKILL.md"
      },
      {
        "title": "Limitations",
        "body": "⚠️ This is a heuristic scanner with inherent limitations. It cannot guarantee safety.\n\nStatic analysis only — Cannot detect runtime behaviour (e.g., code that fetches malware after install)\nEvasion possible — Sophisticated obfuscation or multi-stage string construction can evade detection\nJS/TS only — Binary payloads, images, and non-text files are skipped\nLimited network detection — Only detects fetch() with literal URL strings; misses axios, http module, dynamic URLs\nNo sandboxing — Does not execute or isolate target code\nComment scanning — Prompt injection detection scans string literals, not comments\nFilesystem scope — vet-url downloads and extracts remote archives into a temp directory; vet accepts paths under os.tmpdir(), ~/.openclaw, and ~/Downloads by default. Set allowCwd: true in config to also permit process.cwd() (see Configuration below)\nExternal binary trust — vet-url and vet-clawhub invoke git, curl, tar, and clawhub via execFile. These binaries must be trusted and present on PATH\n\nFor high-security environments, combine with sandboxing, network isolation, and manual source review. Run inside a disposable container when vetting untrusted URLs."
      },
      {
        "title": "allowCwd",
        "body": "By default, process.cwd() is not included in the set of allowed vetting roots. The default allowed roots are:\n\nos.tmpdir()\n~/.openclaw\n~/Downloads\n\nTo allow vetting paths under the current working directory, set allowCwd: true in your vetting config:\n\n{\n  \"allowCwd\": true\n}\n\n⚠️ Security implication: Enabling allowCwd means the scanner will accept any path under the directory you launched it from. If you run from / or $HOME, this effectively grants access to your entire filesystem. Only enable this when running from a scoped project directory or inside a container."
      },
      {
        "title": ".vettrignore",
        "body": "Place a .vettrignore file in the root of the skill directory being scanned to exclude files or directories from analysis. This is useful for excluding test fixtures that contain deliberate malicious patterns."
      },
      {
        "title": "Format",
        "body": "One glob pattern per line\nLines starting with # are comments\nEmpty lines are ignored\nPatterns ending with / match entire directories\n* matches any sequence of non-separator characters\n** matches any sequence including path separators (recursive)\n? matches a single non-separator character"
      },
      {
        "title": "Example",
        "body": "# Exclude test fixtures containing deliberate prompt injection vectors\ntest/fixtures/\n\n# Exclude generated files\ndist/\n*.min.js\n\nIf the .vettrignore file is unreadable or contains invalid UTF-8, the engine logs an INFO-level warning and proceeds with a full scan."
      }
    ],
    "body": "skill-vettr v2.0.3\n\nSecurity scanner for third-party OpenClaw skills. Analyses source code, dependencies, and metadata before installation using tree-sitter AST parsing and regex pattern matching.\n\nInstallation\nnpm install\n\nThis installs all Node.js dependencies, including tree-sitter .wasm grammar files required at runtime for AST-based analysis. The .wasm files are located in node_modules and must be present for the skill to function.\n\n⚠️ Install safety: npm install runs dependency lifecycle scripts, which can execute arbitrary code. For stronger isolation, run npm ci --ignore-scripts — but note that tree-sitter native/WASM artifacts may not build, breaking AST analysis. Prefer installing inside a container or VM when possible.\n\nExternal Binaries\n\nThe vet-url and vet-clawhub commands invoke external binaries via execSafe (which uses execFile — no shell is spawned). Only the following commands are permitted:\n\nBinary\tUsed By\tPurpose\ngit\tvet-url\tClone .git URLs (with hooks disabled)\ncurl\tvet-url\tDownload archive URLs\ntar\tvet-url\tExtract downloaded archives\nclawhub\tvet-clawhub\tFetch skills from ClawHub registry\n\nThe /skill:vet command (local path vetting) requires only node and no external binaries.\n\nCommands\n/skill:vet --path <directory> — Vet a local skill directory\n/skill:vet-url --url <https://...> — Download and vet from URL\n/skill:vet-clawhub --skill <slug> — Fetch and vet from ClawHub\n\nDetection Categories\nCategory\tMethod\tExamples\nCode execution\tAST\teval(), new Function(), vm.runInThisContext()\nShell injection\tAST\texec(), execSync(), spawn(\"bash\"), child_process imports\nDynamic require\tAST\trequire(variable), require(templateString)\nPrototype pollution\tAST\t__proto__ assignment\nPrompt injection\tRegex\tInstruction override patterns, control tokens (in string literals)\nHomoglyph attacks\tRegex\tCyrillic/Greek lookalike characters in identifiers\nEncoded names\tRegex\tUnicode/hex-escaped \"eval\", \"exec\"\nCredential paths\tRegex\tCloud and SSH credential directory references, system credential store access\nNetwork calls\tAST\tfetch() with literal URLs (checked against allowlist)\nMalicious deps\tConfig\tKnown bad packages, lifecycle scripts, git/http deps\nTyposquatting\tLevenshtein\tSkill names within edit distance 2 of targets\nDangerous permissions\tConfig\tshell:exec, credentials:read in SKILL.md\n\nLimitations\n\n⚠️ This is a heuristic scanner with inherent limitations. It cannot guarantee safety.\n\nStatic analysis only — Cannot detect runtime behaviour (e.g., code that fetches malware after install)\nEvasion possible — Sophisticated obfuscation or multi-stage string construction can evade detection\nJS/TS only — Binary payloads, images, and non-text files are skipped\nLimited network detection — Only detects fetch() with literal URL strings; misses axios, http module, dynamic URLs\nNo sandboxing — Does not execute or isolate target code\nComment scanning — Prompt injection detection scans string literals, not comments\nFilesystem scope — vet-url downloads and extracts remote archives into a temp directory; vet accepts paths under os.tmpdir(), ~/.openclaw, and ~/Downloads by default. Set allowCwd: true in config to also permit process.cwd() (see Configuration below)\nExternal binary trust — vet-url and vet-clawhub invoke git, curl, tar, and clawhub via execFile. These binaries must be trusted and present on PATH\n\nFor high-security environments, combine with sandboxing, network isolation, and manual source review. Run inside a disposable container when vetting untrusted URLs.\n\nConfiguration\nallowCwd\n\nBy default, process.cwd() is not included in the set of allowed vetting roots. The default allowed roots are:\n\nos.tmpdir()\n~/.openclaw\n~/Downloads\n\nTo allow vetting paths under the current working directory, set allowCwd: true in your vetting config:\n\n{\n  \"allowCwd\": true\n}\n\n⚠️ Security implication: Enabling allowCwd means the scanner will accept any path under the directory you launched it from. If you run from / or $HOME, this effectively grants access to your entire filesystem. Only enable this when running from a scoped project directory or inside a container.\n\n.vettrignore\n\nPlace a .vettrignore file in the root of the skill directory being scanned to exclude files or directories from analysis. This is useful for excluding test fixtures that contain deliberate malicious patterns.\n\nFormat\nOne glob pattern per line\nLines starting with # are comments\nEmpty lines are ignored\nPatterns ending with / match entire directories\n* matches any sequence of non-separator characters\n** matches any sequence including path separators (recursive)\n? matches a single non-separator character\n\nExample\n# Exclude test fixtures containing deliberate prompt injection vectors\ntest/fixtures/\n\n# Exclude generated files\ndist/\n*.min.js\n\nIf the .vettrignore file is unreadable or contains invalid UTF-8, the engine logs an INFO-level warning and proceeds with a full scan."
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/britrik/skill-vettr",
    "publisherUrl": "https://clawhub.ai/britrik/skill-vettr",
    "owner": "britrik",
    "version": "2.0.3",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/skill-vettr",
    "downloadUrl": "https://openagent3.xyz/downloads/skill-vettr",
    "agentUrl": "https://openagent3.xyz/skills/skill-vettr/agent",
    "manifestUrl": "https://openagent3.xyz/skills/skill-vettr/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/skill-vettr/agent.md"
  }
}