This is the workflow you want before installing anything from ClawHub that you didn't write yourself. It walks you through a mandatory six-step vetting process: checking author reputation, reviewing all code for exfiltration patterns and suspicious eval calls, validating permission scope, spotting unusual activity bursts, checking community sentiment, and sandboxing the install. The output is a structured report with red flags, a confidence score, and a clear go/no-go recommendation. Honestly, the fact that this needs to exist tells you everything about the current state of third-party skill ecosystems. Use it whenever you're evaluating a skill or when someone asks about safe installation practices.
npx skills add https://github.com/hugomrtz/skill-vetting-clawhub --skill clawhub-skill-vetting