vet-repo
Scan repository agent configuration files for known malicious patterns.
Setup & Installation
Install command:
clawhub install itsnishi/vet-repo
If the CLI is not installed:
npx clawhub@latest install itsnishi/vet-repo
Or install with OpenClaw CLI:
openclaw skills install itsnishi/vet-repo
Or paste the repo link into your assistant's chat:
https://github.com/openclaw/skills/tree/main/skills/itsnishi/vet-repo
What This Skill Does
Scans a repository's agent configuration files for known malicious patterns before you trust or run its configurations. Checks Claude settings, skill files, MCP configs, and project instruction files. Outputs a severity-grouped report with recommendations.
Catches agent-level attack vectors like hook auto-approval, hidden curl|bash chains, and instruction injection that standard code review tools don't check for.
When to Use It
- Auditing a cloned open-source repo before running its agent setup
- Reviewing a contractor's codebase for injected agent instructions
- Checking for malicious hooks after a pull request modifies .claude/
- Security review before onboarding a new project with MCP integrations
- Catching prompt injection attempts hidden in CLAUDE.md files
View original SKILL.md file
# vet-repo -- Repository Agent Config Scanner
Scan all agent configuration files in a repository for known malicious patterns. Use this when entering an unfamiliar codebase to assess agent-level security risks before trusting the repo's configurations.
## What to do
Run the scanner script against the current project root:
```bash
python3 "$SKILL_DIR/scripts/vet_repo.py" "$PROJECT_ROOT"
```
Where `$SKILL_DIR` is the directory containing this SKILL.md, and `$PROJECT_ROOT` is the root of the repository being scanned.
## What it scans
- `.claude/settings.json` -- hook configs (auto-approve, stop loops, env persistence)
- `.claude/skills/` -- all SKILL.md files (hidden comments, curl|bash, persistence triggers)
- `.mcp.json` -- MCP server configs (unknown URLs, env var expansion, broad tools)
- `CLAUDE.md` / `.claude/CLAUDE.md` -- instruction injection in project config
## Output
Structured report with findings grouped by severity (CRITICAL, HIGH, MEDIUM, LOW, INFO) and actionable recommendations for each finding.
## When to use
- Before trusting a cloned repository's agent configurations
- After pulling changes that modify `.claude/` or `.mcp.json`
- As part of a security review of any codebase with agent integration
## Advisory hooks
This repository includes PreToolUse hooks in `.claude/settings.json` that warn on
dangerous Bash commands (pipe-to-shell, `rm -rf /`, `chmod 777`, eval with variables,
base64-to-execution) and sensitive file writes (`.ssh/`, `.aws/`, `.gnupg/`, shell
profiles, `settings.json`).
These hooks are **advisory only** -- they produce warning messages but do not block
execution. An agent or user can proceed past the warning.
- The hooks are a supplementary signal, not an enforcement layer
- vet-repo is the primary detection mechanism for repo-level threats
- Deterministic blocking requires changing the hook to return `{"decision": "block"}` instead of a warning message
- See `.claude/settings.json` for the current hook definitions
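As an added example (not the repository's own hook code), here is a PreToolUse hook command that returns `{"decision": "block"}` for the categories listed above instead of printing a warning. It assumes the hook receives the tool event as JSON on stdin with `tool_name`, `tool_input.command` and `tool_input.file_path` fields, and that a `reason` string is accepted alongside `decision`; the regexes and the shell-profile file names are this example's own choices.

```python
import json
import re
import sys

# Regexes are this example's own approximations of the categories the
# advisory hooks warn about; tune them before relying on them.
BASH_RULES = [
    ("pipe-to-shell", r"\b(?:curl|wget)\b[^|]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b"),
    ("rm -rf /", r"\brm\s+-(?=\w*[rR])(?=\w*f)\w+\s+/(?:\s|$)"),
    ("chmod 777", r"\bchmod\s+(?:-\w+\s+)*0?777\b"),
    ("eval with variables", r"\beval\b[^;&|]*\$"),
    ("base64-to-execution", r"\bbase64\s+(?:-d|--decode)\b[^|]*\|\s*(?:ba|z|da)?sh\b"),
]
SENSITIVE_PATH = re.compile(
    r"(?:^|/)(?:\.ssh|\.aws|\.gnupg)/|(?:^|/)\.(?:bashrc|zshrc|profile|bash_profile)$"
    r"|(?:^|/)settings\.json$"
)


def evaluate(event):
    """Return a blocking decision dict for a hook event, or None to allow."""
    if not isinstance(event, dict):
        # Fail closed: an event that cannot be inspected is blocked.
        return {"decision": "block", "reason": "unparseable hook input"}
    tool = event.get("tool_name", "")           # assumed field name
    tool_input = event.get("tool_input") or {}  # assumed field name
    if tool == "Bash":
        command = str(tool_input.get("command", ""))
        for label, pattern in BASH_RULES:
            if re.search(pattern, command):
                return {"decision": "block", "reason": f"blocked: {label}"}
    elif tool in ("Write", "Edit"):
        path = str(tool_input.get("file_path", ""))
        if SENSITIVE_PATH.search(path):
            return {"decision": "block", "reason": f"blocked: write to {path}"}
    return None


def main():
    try:
        event = json.load(sys.stdin)
    except ValueError:
        event = None  # evaluate() fails closed on non-dict input
    decision = evaluate(event)
    if decision:
        print(json.dumps(decision))


if __name__ == "__main__":
    main()
```

Anything the rules do not match produces no output, so the hook stays silent for ordinary commands such as `rm -rf ./build`.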
Example Workflow
Here's how your AI assistant might use this skill in practice.
User asks: Auditing a cloned open-source repo before running its agent setup
Security Audits
These signals reflect official OpenClaw status values. A Suspicious status means the skill should be used with extra caution.