Scan repository agent configuration files for known malicious patterns
数据来源:ClawHub。 在 ClawSkills 查看
选择你使用的 Agent
方法一:命令行安装(推荐)
推荐(无需提前安装 clawhub)
npx clawhub@latest --dir ~/.claude/skills install vet-repo或使用 clawhub CLI(需提前安装)
clawhub --dir ~/.claude/skills install vet-repo⚠️ 需要 Node.js 18+,没有 Node?请使用下方方法二直接下载 ZIP。 安装 Node.js →
方法二:手动下载安装(无需 Node)
下载 ZIP,解压后将文件夹放到以下路径,重启 Agent 即可:
安装路径
~/.claude/skills/vet-repo/💡解压后将文件夹放到上方路径,重启 Agent 即可生效
--- name: vet-repo description: Scan repository agent configuration files for known malicious patterns disable-model-invocation: true allowed-tools: Read, Glob, Grep, Bash context: fork ---
Scan all agent configuration files in a repository for known malicious patterns. Use this when entering an unfamiliar codebase to assess agent-level security risks before trusting the repo's configurations.
Run the scanner script against the current project root:
python3 "$SKILL_DIR/scripts/vet_repo.py" "$PROJECT_ROOT"Where $SKILL_DIR is the directory containing this SKILL.md, and $PROJECT_ROOT is the root of the repository being scanned.
.claude/settings.json -- hook configs (auto-approve, stop loops, env persistence).claude/skills/ -- all SKILL.md files (hidden comments, curl|bash, persistence triggers).mcp.json -- MCP server configs (unknown URLs, env var expansion, broad tools)CLAUDE.md / .claude/CLAUDE.md -- instruction injection in project configStructured report with findings grouped by severity (CRITICAL, HIGH, MEDIUM, LOW, INFO) and actionable recommendations for each finding.
.claude/ or .mcp.jsonThis repository includes PreToolUse hooks in .claude/settings.json that warn on dangerous Bash commands (pipe-to-shell, rm -rf /, chmod 777, eval with variables, base64-to-execution) and sensitive file writes (.ssh/, .aws/, .gnupg/, shell profiles, settings.json).
These hooks are advisory only -- they produce warning messages but do not block execution. An agent or user can proceed past the warning.
{"decision": "block"} instead of a warning message
.claude/settings.json for the current hook definitions安装 Vet Repo 后,可以对 AI 说这些话来触发它
Help me get started with Vet Repo
Explains what Vet Repo does, walks through the setup, and runs a quick demo based on your current project
Use Vet Repo to scan repository agent configuration files for known malicious patterns
Invokes Vet Repo with the right parameters and returns the result directly in the conversation
What can I do with Vet Repo in my documents & notes workflow?
Lists the top use cases for Vet Repo, with example commands for each scenario
将技能文件夹放到 ~/.claude/skills/vet-repo/ 目录(个人级,所有项目可用),或 .claude/skills/vet-repo/(项目级)。重启 AI 客户端后,用 /vet-repo 主动调用,或让 AI 根据上下文自动发现并使用。
Vet Repo 支持 Claude、Cursor、OpenClaw,可与这些 AI 平台无缝集成,扩展其能力。
Vet Repo 可免费安装使用。请查阅仓库了解许可证信息。
Scan repository agent configuration files for known malicious patterns
Vet Repo 属于「Documents & Notes」分类,该分类的技能帮助 AI 智能体在此领域执行专业任务。
Automate my documents & notes tasks using Vet Repo
Identifies repetitive steps in your workflow and sets up Vet Repo to handle them automatically