vet-repo
Scan repository agent configuration files for known malicious patterns.
Setup & Installation
Install command
clawhub install itsnishi/vet-repoIf the CLI is not installed:
Install command
npx clawhub@latest install itsnishi/vet-repoOr install with OpenClaw CLI:
Install command
openclaw skills install itsnishi/vet-repoor paste the repo link into your assistant's chat
Install command
https://github.com/openclaw/skills/tree/main/skills/itsnishi/vet-repoWhat This Skill Does
Scans a repository's agent configuration files for known malicious patterns before you trust or run its configurations. Checks Claude settings, skill files, MCP configs, and project instruction files. Outputs a severity-grouped report with recommendations.
Catches agent-level attack vectors like hook auto-approval, hidden curl|bash chains, and instruction injection that standard code review tools don't check for.
When to Use It
- Auditing a cloned open-source repo before running its agent setup
- Reviewing a contractor's codebase for injected agent instructions
- Checking for malicious hooks after a pull request modifies .claude/
- Security review before onboarding a new project with MCP integrations
- Catching prompt injection attempts hidden in CLAUDE.md files
Example Workflow
Here's how your AI assistant might use this skill in practice.
User asks: Auditing a cloned open-source repo before running its agent setup
- 1Auditing a cloned open-source repo before running its agent setup
- 2Reviewing a contractor's codebase for injected agent instructions
- 3Checking for malicious hooks after a pull request modifies .claude/
- 4Security review before onboarding a new project with MCP integrations
- 5Catching prompt injection attempts hidden in CLAUDE.md files
Scan repository agent configuration files for known malicious patterns.
Security Audits
These signals reflect official OpenClaw status values. A Suspicious status means the skill should be used with extra caution.