Oathe Security Badge

Is skills/skill-vetter safe?

https://clawhub.ai/skills/skill-vetter

90
SAFE

This skill appears to be a legitimate security tool designed to help users vet other skills before installation. It provides comprehensive guidelines for identifying malicious skills and promotes security best practices, with only minor concerns about instructing external API calls to GitHub.

Category Scores

Prompt Injection 80/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

MEDIUM External API Instructions -20

The skill instructs the agent to make curl requests to GitHub API endpoints for repository analysis. While these appear legitimate for gathering public repository information, they represent instructions to access external URLs which could potentially be misused.

LOW Network Activity During Installation -10

Standard network connections to GitHub API servers (216.150.1.1:443) observed during skill installation process. This is expected behavior for ClawHub skill installation.