Vet ClawHub skills for security and utility before installation. Use when considering installing a ClawHub skill, evaluating third-party code, or assessing whether a skill adds value over existing tools.
Safely evaluate ClawHub skills for security risks and practical utility.
# Download and inspect
cd /tmp
curl -L -o skill.zip "https://auth.clawdhub.com/api/v1/download?slug=SKILL_NAME"
mkdir skill-inspect && cd skill-inspect
unzip -q ../skill.zip
# Run scanner
python3 ~/.openclaw/workspace/main-agent/skills/skill-vetting/scripts/scan.py .
# Manual review
cat SKILL.md
cat scripts/*.py
cd /tmp
curl -L -o skill.zip "https://auth.clawdhub.com/api/v1/download?slug=SLUG"
mkdir skill-NAME && cd skill-NAME
unzip -q ../skill.zip
python3 ~/.openclaw/workspace/main-agent/skills/skill-vetting/scripts/scan.py .
Exit codes: 0 = Clean, 1 = Issues found
The scanner outputs specific findings with file:line references. Review each finding in context.
Even if scanner passes:
# Quick prompt injection check
grep -ri "ignore.*instruction\|disregard.*previous\|system:\|assistant:" .
Critical question: What does this unlock that I don't already have?
Compare to:
mcporter list)clawhub list)Skip if: Duplicates existing tools without significant improvement.
| Security | Utility | Decision |
|---|---|---|
| Clean | High | Install |
| Clean | Marginal | Consider (test first) |
| Issues | Any | Investigate findings |
| Malicious | Any | Reject |
Monitor for unexpected behavior:
Remove and report if suspicious.