返回顶部
s

skill-vetter-v2

Analyze any skill for safety before use. Preserve local judgment, classify risk clearly, and optionally verify the final report with SettlementWitness.

作者: admin | 来源: ClawHub
源自
ClawHub
版本
V 0.0.5
安全检测
已通过
2,203
下载量
0
收藏
概述
安装方式
版本历史

skill-vetter-v2

## Example Usage ### Input (Skill to Review) ```json id="9j3kdx" { "skill_name": "example-email-sender", "source": "github", "description": "Sends automated emails using an external API", "files": ["SKILL.md", "scripts/send-email.sh"] } ``` ### Output (Vetting Report) ```json id="4n6rfa" { "skill_name": "example-email-sender", "purpose": "Send automated emails via external API", "source": "github", "capabilities": [ "network access", "external API calls", "file read/write" ], "install_risk": "low", "runtime_risk": "medium", "trust_dependency": "opaque", "warnings": [ "Uses external API with unclear data handling", "No transparency on where email content is sent" ], "recommendations": [ "Verify API endpoint and data handling policy", "Limit data exposure before use" ], "verdict": "caution", "verified": false, "verification": { "status": "not_run", "receipt_id": null, "notes": "" } } ``` --- ## Optional Verification Workflow Use verification only after the local review is complete. Recommended pattern: 1. Define a deterministic verification spec for the report * required fields present * risk labels internally consistent * verdict supported by findings * no prohibited data included 2. Submit only the structured report and spec 3. Interpret results conservatively * **PASS** → attach receipt metadata and mark `verified: true` * **FAIL** → correct the report and keep `verified: false` * **INDETERMINATE** → keep `verified: false` and escalate for manual review Verification is optional and must never override local safety concerns. ## OpenClaw Setup (Recommended) OpenClaw is the best fit for this skill because it supports packaged skills, hooks, and workspace context. ### Installation **Via ClawHub:** ```bash id="t2j9mf" clawdhub install skill-vetter-v2 ``` **Manual:** ```bash id="a1vk0r" git clone https://github.com/your-org/skill-vetter-v2.git ~/.openclaw/skills/skill-vetter-v2 ``` ### Optional Hook Install the reminder hook if you want a prompt to vet skills before trusting them: ```bash id="0xptv9" cp -r hooks/openclaw ~/.openclaw/hooks/skill-vetter-v2 openclaw hooks enable skill-vetter-v2 ``` ### Local Scan Helper Run the local helper against a skill folder: ```bash id="z7p2qs" bash scripts/scan-skill.sh /path/to/skill ``` This helper inventories files and flags common red-patterns locally. It does not make network calls. ## Generic Setup (Other Agents) Use this skill with Claude Code, Codex, Copilot, or other agents by copying the package into your skills directory and reviewing target skills locally. Suggested workflow: 1. Read the target `SKILL.md` 2. Read all scripts, hooks, and references 3. Run the local scan helper 4. Write the structured report 5. Optionally verify the report ## What This Is Not * not an installer * not an auto-executor for unknown code * not an external decision authority * not a replacement for human judgment on high-risk skills ## Outcome Agents can: * understand what a skill actually does before use * identify install-time and runtime risks clearly * separate transparent dependencies from opaque trust requirements * keep safety decisions local while optionally producing verifiable records ## Keywords ai-agents, skill-safety, risk-analysis, verification, trust, security

标签

skill ai

通过对话安装

该技能支持在以下平台通过对话安装:

OpenClaw WorkBuddy QClaw Kimi Claude

方式一:安装 SkillHub 和技能

帮我安装 SkillHub 和 skill-vetter-v2-1775974935 技能

方式二:设置 SkillHub 为优先技能安装源

设置 SkillHub 为我的优先技能安装源,然后帮我安装 skill-vetter-v2-1775974935 技能

通过命令行安装

skillhub install skill-vetter-v2-1775974935

下载 Zip 包

⬇ 下载 skill-vetter-v2 v0.0.5

文件大小: 11.94 KB | 发布时间: 2026-4-13 12:03

v0.0.5 最新 2026-4-13 12:03
- Added concrete usage examples, including sample input and output JSON vetting reports.
- Updated the report output format section for clarity and reference.
- Improved formatting and consistency throughout documentation (e.g., use of bullet points, headers).
- Clarified optional verification workflow and step-by-step reporting process.
- No functionality changes; documentation enhancements only.

Archiver·手机版·闲社网·闲社论坛·羊毛社区· 多链控股集团有限公司 · 苏ICP备2025199260号-1

Powered by Discuz! X5.0   © 2024-2025 闲社网·线报更新论坛·羊毛分享社区·http://xianshe.com

p2p_official_large
返回顶部