openclaw-skill-vetter-mcp
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| OPENCLAW_SKILLS_DIR | No | Path to skills directory (default: ~/.openclaw/skills/) | |
| OPENCLAW_SKILL_VETTER_BACKEND | No | Backend to use: mock, openclaw-skills-dir, or clawhub-fetch (default: mock) | mock |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| vet_skillA | Run all scanners on a single skill — manifest, static patterns, AST, dependencies. Returns a VetReport with risk_score (0-100), risk_level (BLOCK/REVIEW/CAUTION/CLEAN), per-finding details, and a one-paragraph summary. Use this before installing a skill. |
| vet_skill_directoryA | Run all scanners on every skill in the configured directory and return an aggregate report (per-skill VetReports + counts by risk level). Use this for a periodic audit of installed skills. |
| installed_skills_overviewA | Lightweight overview — just the risk-level counts and the IDs of any skills at REVIEW or BLOCK level. Faster than vet_skill_directory; use this for status-bar / dashboard callers. |
| flagged_skills_reportA | Returns just the REVIEW + BLOCK skills with their findings, sorted by risk_score descending. Use this when you only care about what needs attention. |
| scan_for_prompt_injectionA | Run only the prompt-injection scanner on a single skill. Returns its VetReport with non-prompt-injection findings stripped — useful when you want a focused signal. |
| scan_for_exfiltrationA | Run only the exfiltration scanner on a single skill. Returns its VetReport with non-exfiltration findings stripped — useful for focused investigation of a suspected data-leak skill. |
| list_detection_rulesA | Return the catalog of every detection rule this server applies, with rule IDs, severities, and descriptions. Use this to understand what the vetter checks (and what it doesn't). |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| pre-install-skill-check | Walk through vetting a specific skill before installation |
| weekly-skill-audit | Compose a 200-word audit of all installed skills |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| Installed-skills risk overview | Risk-level counts + flagged skill IDs from the configured skills directory |
| Currently-flagged skills | REVIEW + BLOCK skills with their findings, sorted by risk_score |
| Detection rules catalog | Full catalog of detection rules this server applies |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/temurkhan13/openclaw-skill-vetter-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server