全部技能 分类浏览
← 返回
未分类 中文

Skill Vetter Plus

Security scanner for AI agent skills. 9 built-in detection signatures. Identifies secrets, unsafe execution patterns, and prompt injection. Sub-50ms results.
AI代理技能安全扫描器。9个内置检测签名,识别密钥、不安全执行模式和提示词注入。50毫秒内出结果。
certainlogicai
未分类 clawhub v2.0.0 1 版本 100000 Key: 无需
★ 0
Stars
📥 393
下载
💾 1
安装
1
版本
#latest

概述

Skill Vetter Plus

What It Does

Scans AI agent skills for security issues:

  • 9 built-in detection signatures (secrets, execution, prompt injection)
  • Sub-50ms scan time
  • Run before installing any unknown skill

How to Use

# Scan any skill directory
python3 scripts/vetter.py /path/to/installed/skill

# JSON output for piping
python3 scripts/vetter.py /path/to/skill --json

Signatures

IDSeverityWhat It Finds
---------
hardcoded-api-keyhighapi_key, api-key
hardcoded-secrethighsecret_key, secret-token, auth_token
hardcoded-passwordhighpassword
unsafe-evalcriticaleval(
unsafe-execcriticalexec(
unsafe-os-systemcriticalos.system(
subprocess-shell-truehighshell=True
raw-networkmediumurllib.request, requests.post/get
prompt-injectioncriticalignore previous instructions, ignore the above

What It Does NOT Do

  • No AST analysis (text matching only)
  • Cannot detect control-flow obfuscation
  • Cannot analyze compiled binaries
  • Not a replacement for manual code review

Results

Scanned 12 files in 23ms
Found 1 issue(s):
  [CRITICAL] unsafe-eval at /skill/scripts/mail.py:45
    → eval() can execute arbitrary code (matched: 'eval(')

Pro Upgrade

FeaturePro ($49)
------
Real-time scanning
Weekly signature updates
Team sharing
Custom signatures
Priority support

Limitations

  • Text-based pattern matching
  • Cannot detect all malware — only patterns in the signature database

Attribution

  • Built by: CertainLogic
  • Concept: Skill security pre-checking (industry standard practice)

Links

  • GitHub: https://github.com/CertainLogicAI/skill-vetter-plus
  • ClawHub: https://clawhub.ai/certainlogicai/skill-vetter-plus
  • Docs: https://certainlogic.ai/docs/skill-vetter-plus

Built by CertainLogic

版本历史

共 1 个版本

  • v2.0.0 当前
    2026-05-08 13:09 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

Certainlogic Smart Router

certainlogicai
⚠️ 已弃用 — 请改用 smart-router-coding 或 smart-router-intents。
★ 0 📥 430

CertainLogic Context Manager

certainlogicai
Prevent AI session token bloat and runaway costs. Tracks query count per session, warns at a configurable threshold, aut
★ 0 📥 363

Skill Oracle

certainlogicai
技能预言 — 精心整理的高质量 ClawHub 技能文档,Markdown 表格指示代理哪些工具可用、哪些为空,非 API 或代码库。
★ 0 📥 472

Skill工具集 © 2026