Vetting Plugins + Tools

Working is not the same as safe. A repeatable gate before anything touches your workspace, config, or data.

The Problem

Every plugin, ClawHub skill, platform integration, extension, script, and package is a dependency. Any of them can read files they shouldn't, call services you didn't approve, or change behavior after an update. When a tool includes actual code, the risk goes deeper — install scripts, network calls, and file-write behavior that aren't visible without inspection.

The Solution

This course installs a vetting gate for anything that wants file, network, shell, or config access to your workspace — plugins, ClawHub skills, platform integrations, browser extensions, repos, scripts, and packages. Your main agent asks the 7 vetting questions and manages the decision. When the tool includes actual code, Claude Code runs a code-level inspection: checking permissions, network calls, install scripts, dependencies, and file-write behavior. The operator makes the final call before anything runs.

You will: vet your next tool install — question its permissions, inspect its code if it has any, and decide before it touches your workspace.