What breaks without openclaw skill vetter

Unreviewed skill permissions. Hidden network calls. Security gaps from blind installs.

→

Pre-installation security audit × static analysis against all commands ÷ 10–15 minutes ÷ no manual code reading = safe skill installs every time.

openclaw skill vetter — what it actually does

Audits third-party skills for security risks before installation.

Inspects commands, permissions, and network calls in a risk report.

Approves or blocks skills with /vet approve|block commands.

Supports enterprise approval workflows before team-wide rollouts.

Security check — openclaw skill vetter

Privacy score: 7/10 — accesses connected platform APIs only. Lock it: review OAuth scopes before install, confirm macOS, Linux; OpenClaw ≥1.0 compatibility.

Quick start — openclaw skill vetter in 10–15 minutes

Setup time: 10–15 minutes

You need: OpenClaw core

Install the package:

# Install via ClawhHub
clawhub install spclaudehome/skill-vetter

Install the skill

Run /vet <skill_id> to analyse a skill before installing it

Review the risk report

Approve or block with /vet approve|block <skill_id>

Troubleshooting openclaw skill vetter

1. Static analysis only — runtime behaviour not checked

2. False positives may flag legitimate network skills — review context before blocking

Compatibility & status

Works with: macOS, Linux; OpenClaw ≥1.0 intermediate Last updated: Oct 2025 ★ 135 on GitHub MIT

Official docs →

View on GitHub →

Related — more like openclaw skill vetter

Install unvetted skills and hand unknown code root access to your agent. Vet every skill before the next production install.

Get it on GitHub →

Skill Vetter