📝 Unhackathon Project Submission: Skill-Vetter
Project Name

Skill-Vetter (The VibeClaw Auditor) 🛡️
One-Sentence Pitch

An automated, AI-driven security gateway that audits community-built OpenClaw skills for malicious code before they are allowed to execute on a user’s VPS.
The Problem

The OpenClaw ecosystem is rapidly expanding with thousands of community-built skills. However, users currently have no way to verify if a skill is safe or if it contains “poisoned” code that could exfiltrate .env files, execute rm -rf commands, or open unauthorized reverse shells on their servers.
The Solution

Skill-Vetter leverages the frontier reasoning of Claude 3.7 Sonnet (Thinking Mode) to perform deep semantic analysis of skill source code.

Automated Auditing: It scans for shell injections, destructive commands, and network exfiltration patterns.  
  
Risk Scoring: Every audited skill receives a Risk Score (0-10) and a definitive verdict: PASS, WARNING, or BLOCK.  
  
Self-Healing Infrastructure: During the hackathon, the agent successfully identified and remediated a "Mixed User Process" vulnerability on its own host VPS.  

Technical Stack

Core: OpenClaw 2026.2.27 Gateway  
  
Model: Claude 3.7 Sonnet (Thinking)  
  
Infrastructure: Hostinger VPS (Ubuntu 24.04)  
  
Interfaces: Telegram Bot (@VibeClawAsu_bot) & OpenClaw TUI  

Hackathon Achievements (The “Vibe” Check)

🟢 Successfully bypassed initial EACCES permission blocks and Node.js version conflicts.  
  
🟢 Configured a dedicated security persona with high-level auditing logic.  
  
🟢 Performed a live "Self-Audit" that detected a redundant root-level process, which was then manually terminated to harden the server.