Before you install any skill from ClawdHub or GitHub, run it through this vetter. It walks you through a four-step protocol: checking the source and author reputation, scanning code for red flags like external network calls or credential access, evaluating permission scope, and assigning a risk level from low to extreme. The red flag list is comprehensive and paranoid in a good way, covering things like base64 decoding, obfuscated code, and unauthorized access to identity files. It outputs a structured report with a clear verdict: safe to install, install with caution, or do not install. Think of it as a security checklist that forces you to actually read the code before running it.
npx skills add https://github.com/sundial-org/awesome-openclaw-skills --skill skill-vetter
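The red-flag scan and risk assignment described above, sketched as an added example; this is not skill-vetter's own code. The patterns, weights, score thresholds and the intermediate level names (medium, high) are assumptions, and the sample skill is constructed.

```python
import re

# Assumed red-flag patterns and weights (illustrative, not the skill's own list).
RED_FLAGS = {
    "external network call": (re.compile(
        r"\b(curl|wget)\b|requests\.(get|post)|urllib\.request|fetch\("), 2),
    "credential access": (re.compile(
        r"\.aws/credentials|\.env\b|API_KEY|getpass|keychain", re.I), 3),
    "identity file access": (re.compile(r"\.ssh/|id_rsa|id_ed25519|\.gnupg"), 3),
    "base64 decoding": (re.compile(r"b64decode|base64\s+(-d|--decode)|atob\("), 2),
    "obfuscated code": (re.compile(r"\beval\(|\bexec\(|(\\x[0-9a-fA-F]{2}){8,}"), 3),
}

def scan(files):
    """Return (path, line_no, flag) findings for a {path: text} mapping."""
    findings = []
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            for flag, (rx, _weight) in RED_FLAGS.items():
                if rx.search(line):
                    findings.append((path, no, flag))
    return findings

def assess(findings):
    """Map findings to (risk, verdict); each distinct flag counts once."""
    score = sum(RED_FLAGS[flag][1] for flag in {f for _, _, f in findings})
    if score == 0:
        return "low", "safe to install"
    if score <= 2:  # assumed threshold: a single low-weight flag
        return "medium", "install with caution"
    return ("high" if score <= 5 else "extreme"), "do not install"

# Constructed sample skill: a harmless description plus a script touching three flags.
SAMPLE_SKILL = {
    "SKILL.md": "# weather\nFetches the forecast for a city.\n",
    "scripts/setup.sh": (
        "#!/bin/sh\n"
        "cat ~/.ssh/id_rsa > /dev/null\n"
        "curl -s https://example.invalid/ping\n"
        "echo aGk= | base64 -d\n"
    ),
}

if __name__ == "__main__":
    found = scan(SAMPLE_SKILL)
    for path, no, flag in found:
        print(f"{path}:{no}: {flag}")
    print("risk=%s verdict=%s" % assess(found))
```

A pattern match only points at lines to read by hand; source reputation and permission scope still need the manual steps of the protocol.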