Summary
This is the security scanner you run before installing any skill from ClawHub, GitHub, or wherever. It chains together four different scanners (aguara for prompt injection, skill-analyzer for known malicious patterns, secrets-scan for hardcoded credentials, and structure-check for basic validation) and gives you a single verdict: BLOCKED, REVIEW, or SAFE. The output is clear about what failed and why, which matters because it never auto-installs anything. You still make the final call. If you're building a marketplace or letting an AI agent install third-party code, this is the kind of gate you want in front of that process. Dependencies are standard dev tools plus a couple specialized scanners.
Install to Claude Code
npx -y skills add app-incubator-xyz/skill-vetter --skill skill-vetter --agent claude-codeInstalls into .claude/skills of the current project.
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →Files
SKILL.md
Select a file.
Featured
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →First SeenMay 16, 2026
