skill-vetting
Evaluates ClawHub skills for security and utility, ensuring safe installations and assessing third-party code effectively.
30/100
Security score
The skill-vetting skill was audited on Feb 18, 2026 and we found 10 security issues across 5 threat categories, including 2 critical. Review the findings below before installing.
Categories Tested
Security Issues
critical line 109
Direct command execution function call
Source: SKILL.md
| 109 | - eval()/exec() without justification |
critical line 109
Eval function call - arbitrary code execution
Source: SKILL.md
| 109 | - eval()/exec() without justification |
medium line 134
System command execution
Source: SKILL.md
| 134 | importlib.import_module('os').system('command') |
medium line 15
Curl to non-GitHub URL
Source: SKILL.md
| 15 | curl -L -o skill.zip "https://clawhub.ai/api/v1/download?slug=SKILL_NAME" |
medium line 33
Curl to non-GitHub URL
Source: SKILL.md
| 33 | curl -L -o skill.zip "https://clawhub.ai/api/v1/download?slug=SLUG" |
low line 20
Access to hidden dotfiles in home directory
Source: SKILL.md
| 20 | python3 ~/.openclaw/workspace/skills/skill-vetting/scripts/scan.py . |
low line 41
Access to hidden dotfiles in home directory
Source: SKILL.md
| 41 | python3 ~/.openclaw/workspace/skills/skill-vetting/scripts/scan.py . |
low line 136
Base64 decode operation
Source: SKILL.md
| 136 | __import__('base64').b64decode(b'...') |
low line 15
External URL reference
Source: SKILL.md
| 15 | curl -L -o skill.zip "https://clawhub.ai/api/v1/download?slug=SKILL_NAME" |
low line 33
External URL reference
Source: SKILL.md
| 33 | curl -L -o skill.zip "https://clawhub.ai/api/v1/download?slug=SLUG" |
Scanned on Feb 18, 2026
Install this skill with one command:
/learn @openclaw/skill-vetting