// Static analysis security scanner for third-party OpenClaw skills. Detects eval/spawn risks, malicious dependencies, typosquatting, and prompt injection patterns before installation. Use when vetting skills from ClawHub or untrusted sources.
[HINT] Download the complete skill directory including SKILL.md and all related files
| name | skill-vettr |
| version | 2.0.1 |
| author | britrik |
| description | Static analysis security scanner for third-party OpenClaw skills. Detects eval/spawn risks, malicious dependencies, typosquatting, and prompt injection patterns before installation. Use when vetting skills from ClawHub or untrusted sources. |
| tags | ["security","scanner","vetting","analysis","static-analysis"] |
| emoji | 🛡️ |
Security scanner for third-party OpenClaw skills. Analyses source code, dependencies, and metadata before installation using tree-sitter AST parsing and regex pattern matching.
/skill:vet --path <directory> — Vet a local skill directory/skill:vet-url --url <https://...> — Download and vet from URL/skill:vet-clawhub --skill <slug> — Fetch and vet from ClawHub| Category | Method | Examples |
|---|---|---|
| Code execution | AST | eval(), new Function(), vm.runInThisContext() |
| Shell injection | AST | exec(), execSync(), spawn("bash"), child_process imports |
| Dynamic require | AST | require(variable), require(templateString) |
| Prototype pollution | AST | proto assignment |
| Prompt injection | Regex | Instruction overrides, control tokens (in string literals) |
| Homoglyph attacks | Regex | Cyrillic/Greek lookalike characters in identifiers |
| Encoded names | Regex | Unicode/hex-escaped "eval", "exec" |
| Credential paths | Regex | .ssh/, .aws/, keychain path references |
| Network calls | AST | fetch() with literal URLs (checked against allowlist) |
| Malicious deps | Config | Known bad packages, lifecycle scripts, git/http deps |
| Typosquatting | Levenshtein | Skill names within edit distance 2 of targets |
| Dangerous permissions | Config | shell:exec, credentials:read in SKILL.md |
⚠️ This is a heuristic scanner with inherent limitations. It cannot guarantee safety.
fetch() with literal URL strings; misses axios, http module, dynamic URLsFor high-security environments, combine with sandboxing and manual source review.