Skills Plugins Jobs Pricing
← Back to Skills
Automation

publish-skill-vettr

britrik By britrik 👁 5 views ▲ 0 votes

Static analysis security scanner for third-party

GitHub 
---
name: skill-vettr
version: "2.0.1"
author: britrik
description: Static analysis security scanner for third-party OpenClaw skills. Detects eval/spawn risks, malicious dependencies, typosquatting, and prompt injection patterns before installation. Use when vetting skills from ClawHub or untrusted sources.
tags: ["security", "scanner", "vetting", "analysis", "static-analysis"]
emoji: "🛡️"
---

# skill-vettr v2.0.1

Security scanner for third-party OpenClaw skills. Analyses source code, dependencies, and metadata before installation using tree-sitter AST parsing and regex pattern matching.

## Commands

- `/skill:vet --path <directory>` — Vet a local skill directory
- `/skill:vet-url --url <https://...>` — Download and vet from URL
- `/skill:vet-clawhub --skill <slug>` — Fetch and vet from ClawHub

## Detection Categories

| Category | Method | Examples |
|----------|--------|----------|
| Code execution | AST | eval(), new Function(), vm.runInThisContext() |
| Shell injection | AST | exec(), execSync(), spawn("bash"), child_process imports |
| Dynamic require | AST | require(variable), require(templateString) |
| Prototype pollution | AST | __proto__ assignment |
| Prompt injection | Regex | Instruction overrides, control tokens (in string literals) |
| Homoglyph attacks | Regex | Cyrillic/Greek lookalike characters in identifiers |
| Encoded names | Regex | Unicode/hex-escaped "eval", "exec" |
| Credential paths | Regex | .ssh/, .aws/, keychain path references |
| Network calls | AST | fetch() with literal URLs (checked against allowlist) |
| Malicious deps | Config | Known bad packages, lifecycle scripts, git/http deps |
| Typosquatting | Levenshtein | Skill names within edit distance 2 of targets |
| Dangerous permissions | Config | shell:exec, credentials:read in SKILL.md |

## Limitations

> ⚠️ **This is a heuristic scanner with inherent limitations. It cannot guarantee safety.**

- **Static analysis only** — Cannot detect runtime behaviour (e.g., code that fetches malware after install)
- **Evasion possible** — Sophisticated obfuscation or multi-stage string construction can evade detection
- **JS/TS only** — Binary payloads, images, and non-text files are skipped
- **Limited network detection** — Only detects `fetch()` with literal URL strings; misses axios, http module, dynamic URLs
- **No sandboxing** — Does not execute or isolate target code
- **Comment scanning** — Prompt injection detection scans string literals, not comments

For high-security environments, combine with sandboxing and manual source review.
automation

Comments

Sign in to leave a comment

Loading comments...

Similar Skills in Automation

coder-workspaces

coder-workspaces

Manage Coder workspaces and AI coding agent tasks

1
douban-sync-skill

douban-sync-skill

Export and sync Douban (豆瓣) book/movie/music/game collections.

0
udau

udau

description: Union protocol for AI agents.

0
towns-protocol

towns-protocol

Use when building Towns Protocol bots - covers SDK

0
og-openclawguard

og-openclawguard

Security and vulnerability scanner for OpenClaw code

0
mrdahut-comcoo

mrdahut-comcoo

\# ARBITER: The Foundation for Human Flourishing

0