clawhub-skill-vetting

ClawHub Skill Vetting Overview Apply a strict, security‑first vetting workflow before installing any ClawHub skill. Prioritize code review, permission scope, domain listing, and risk scoring. Workflow Source check — author reputation, stars/downloads, last update, reviews. Code review (MANDATORY) — scan all files for exfiltration, secrets access, eval/exec , obfuscation. Permission scope — files, commands, network; confirm minimal scope. Recent activity — detect suspicious bursts. Community check — Discord/GitHub Discussions. Install safely — sandbox + inspect permissions. Reference Use references/vetting-guide.md for the full checklist, commands, red flags, confidence scoring, and report template. Output expectations Produce the SKILL VETTING REPORT format. Provide a go/no‑go recommendation with reasons. If unclear, recommend sandbox install only or reject . Call out any red flags explicitly. Include a confidence score and threshold.