io.github.temurkhan13/openclaw-skill-vetter-mcp

MCP server for security-vetting third-party AI agent extensions: 41 detection rules.

7 tools GitHub

No known CVEs

No license

Actively maintained

Last commit 5d ago

Works with most clients

Transport: stdio

7 tools · ~450 tok

Grade A · 0.2% of 200K ctx

Edit this pageView history

AI / ML

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-temurkhan13-openclaw-skill-vetter-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-temurkhan13-openclaw-skill-vetter-mcp)](https://mcppedia.org/s/io-github-temurkhan13-openclaw-skill-vetter-mcp)

Read me

What io.github.temurkhan13/openclaw-skill-vetter-mcp does

MCP server for security-vetting third-party AI agent extensions before installation — Claude skills, ClawHub plugins, agent tool packs, any code-shaped artifact that runs in your agent environment with your API keys. 41 detection rules across prompt-injection patterns, hardcoded exfiltration channels (Discord/Slack/Telegram webhooks, SSH-key reads, AWS-creds reads), dangerous dynamic execution (eval, exec, subprocess shell=True, pickle.loads), manifest/permission drift, and known typosquat dep

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

71/100across 5 weighted dimensions

How we score →

0255075100

−29

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (7)

Click any tool to inspect its schema.

~450 tokens total

Inventory

Resources (3)

skill-vetter://overview

installed-skills risk overview

skill-vetter://overview

skill-vetter://flagged

currently-flagged skills

skill-vetter://flagged

skill-vetter://rules

detection rules catalog

skill-vetter://rules

Inventory

Prompts (2)

pre-install-skill-check

vet a specific skill before installation

weekly-skill-audit

compose a 200-word weekly audit of all installed skills

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.temurkhan13/openclaw-skill-vetter-mcp safe to use?: io.github.temurkhan13/openclaw-skill-vetter-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.temurkhan13/openclaw-skill-vetter-mcp?: io.github.temurkhan13/openclaw-skill-vetter-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can io.github.temurkhan13/openclaw-skill-vetter-mcp do?: io.github.temurkhan13/openclaw-skill-vetter-mcp provides 7 tools: vet_skill, vet_skill_directory, installed_skills_overview, flagged_skills_report, scan_for_prompt_injection and 2 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with io.github.temurkhan13/openclaw-skill-vetter-mcp?: io.github.temurkhan13/openclaw-skill-vetter-mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.temurkhan13/openclaw-skill-vetter-mcp actively maintained?: io.github.temurkhan13/openclaw-skill-vetter-mcp is actively maintained — last commit was 5 days ago.

Similar servers

Others in ai-ml

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

85.9k 5

Context Mode95

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

15.1k 6

Gemini Cli95

An open-source AI agent that brings the power of Gemini directly into your terminal.

104.3k 8

Antigravity Workspace Template94

Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.

1.2k 2

MCP Security Weekly

Get CVE alerts and security updates for io.github.temurkhan13/openclaw-skill-vetter-mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

openclaw-skill-vetter-mcp

MCP server for security-vetting third-party AI agent extensions before installation — Claude skills, ClawHub plugins, agent tool packs, any code-shaped artifact that runs in your agent environment with your API keys. 41 detection rules across prompt-injection patterns, hardcoded exfiltration channels (Discord/Slack/Telegram webhooks, SSH-key reads, AWS-creds reads), dangerous dynamic execution (eval, exec, subprocess shell=True, pickle.loads), manifest/permission drift, and known typosquat dependencies. Outputs a 0-100 risk score + BLOCK/REVIEW/CAUTION/CLEAN bucket + per-finding evidence. Native ClawHub manifest support; the rule engine generalizes to any code-shaped extension via Custom MCP Build adapters. Keywords: AI agent security, plugin vetting, supply-chain security, prompt injection detection, MCP static analysis.

What it does

Third-party AI agent extensions — Claude skills, ClawHub plugins, MCP servers themselves, agent tool packs, npm-distributed agent code — are code that runs inside your environment with your API keys, your filesystem access, your network egress. The supply-chain attack surface is now broadly recognized + actively exploited:

The OWASP MCP Top 10 catalogues prompt injection, command injection, and "rug pull" attacks where compromised MCP servers update with malicious tool definitions after user approval. Microsoft, Datadog, Atlassian, Palo Alto Unit 42, and Prompt Security have all published detailed threat analyses in 2026: see Datadog's MCP risks blog, Atlassian's MCP Clients risk awareness, and Unit 42's MCP sampling attack vectors.

The 2026 ClawHavoc campaign poisoned the OpenClaw skill registry (ClawHub) at scale. Latest public counts: 824 confirmed malicious skills (~7.7% of a 10,700+ registry as of mid-Feb 2026) per Koi Security + The Hacker News. Snyk's ToxicSkills study flagged prompt injection in 36% of skills + 1,467 malicious payloads. Bitdefender's independent analysis places it at ~900 / ~20% of the ecosystem. Antiy Labs catalogued 1,184 historically published. Zscaler ThreatLabz documented the DeepSeek-Claw skill distributing Remcos RAT + GhostLoader — exfils macOS keychain, SSH keys, crypto wallets, cloud API tokens.

The OpenClaw runtime itself accumulated 138+ CVEs in 2026 (tracker) — one-click RCE (CVE-2026-25253, CVSS 8.8), browser-snapshot RCE ([CVE-2026-42436](https://www.redpacketsecurity.com/cve-alert-cve-2026-42436-openclaw-

Frequently Asked Questions

Is io.github.temurkhan13/openclaw-skill-vetter-mcp safe to use?

io.github.temurkhan13/openclaw-skill-vetter-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.temurkhan13/openclaw-skill-vetter-mcp?

io.github.temurkhan13/openclaw-skill-vetter-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.

What can io.github.temurkhan13/openclaw-skill-vetter-mcp do?

io.github.temurkhan13/openclaw-skill-vetter-mcp provides 7 tools: vet_skill, vet_skill_directory, installed_skills_overview, flagged_skills_report, scan_for_prompt_injection and 2 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with io.github.temurkhan13/openclaw-skill-vetter-mcp?

io.github.temurkhan13/openclaw-skill-vetter-mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is io.github.temurkhan13/openclaw-skill-vetter-mcp actively maintained?

io.github.temurkhan13/openclaw-skill-vetter-mcp is actively maintained — last commit was 5 days ago.

openclaw-skill-vetter-mcp

What it does