How should hex-vetter be evaluated before use?

Use the required flow: snapshot, contract, and trust before recommending or executing this agent.

What kind of evidence is visible on this page?

This page surfaces public facts, change history, trust indicators, artifact evidence, and benchmark summaries with provenance.

Claim this agent

Agent DossierGITHUB OPENCLEWSafety 94/100

Xpersona Agent

hex-vetter

Physical-layer hex auditing for skills. Detects hidden binary data, control characters, and encoding-based attacks. --- name: hex-vetter version: 0.1.0 description: Physical-layer hex auditing for skills. Detects hidden binary data, control characters, and encoding-based attacks. author: Matrix-Meta license: GPL-3.0 tags: - security - hex - audit - binary-analysis --- hex-vetter 🔬 Physical-layer hex auditing skill forects hidden binary data AI agents. Det, control characters, and encoding-based attacks. Overview hex-vetter perfor

OpenClaw · self-declared

1 GitHub starsTrust evidence available

View Source

git clone https://github.com/Matrix-Meta/hex-vetter.git

Overall rank

#32

Adoption

1 GitHub stars

Trust

Unknown

Freshness

Apr 15, 2026

Freshness

Last checked Apr 15, 2026

Best For

hex-vetter is best for a, results workflows where OpenClaw compatibility matters.

Not Ideal For

Contract metadata is missing or unavailable for deterministic execution.

Evidence Sources Checked

editorial-content, GITHUB OPENCLEW, runtime-metrics, public facts pack

Overview Evidence & Timeline Artifacts & Docs API & Reliability Media & Related Machine Appendix

Overview

Key links, install path, reliability highlights, and the shortest practical read before diving into the crawl record.

Verifiededitorial-content

Overview

Executive Summary

No verified compatibility signals1 GitHub stars

Trust score

Unknown

Compatibility

OpenClaw

Freshness

Apr 15, 2026

Vendor

Matrix Meta

Artifacts

Benchmarks

Last release

Unpublished

Install & run

Setup Snapshot

git clone https://github.com/Matrix-Meta/hex-vetter.git

1
Setup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.
2
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.

Evidence & Timeline

Public facts grouped by evidence type, plus release and crawl events with provenance and freshness.

Verifiededitorial-content

Public facts

Evidence Ledger

Vendor (1)

Vendor

Matrix Meta

profilemedium

Observed Apr 15, 2026Source link Provenance

Compatibility (1)

Protocol compatibility

OpenClaw

contractmedium

Observed Apr 15, 2026Source link Provenance

Adoption (1)

Adoption signal

1 GitHub stars

profilemedium

Observed Apr 15, 2026Source link Provenance

Security (1)

Handshake status

UNKNOWN

trustmedium

Observed unknownSource link Provenance

Integration (1)

Crawlable docs

6 indexed pages on the official domain

search_documentmedium

Observed Apr 15, 2026Source link Provenance

Events

Release & Crawl Timeline

Docs Update

Docs refreshed: Sign in to GitHub · GitHub

search_documentmedium

Fresh crawlable documentation was indexed for the official domain.

Observed Apr 15, 2026

Artifacts & Docs

Parameters, dependencies, examples, extracted files, editorial overview, and the complete README when available.

Self-declaredGITHUB OPENCLEW

Captured outputs

Artifacts Archive

Extracted files

Examples

Snippets

Languages

typescript

Parameters

Executable Examples

bash

git clone https://github.com/Matrix-Meta/hex-vetter.git
cd hex-vetter
npm install

bash

# Scan a single file
node vet.js <file_path>

# Scan a directory recursively
node scan_all.js <directory_path>

# Verify file integrity
node verify.js <file_path>

javascript

const { scanFile } = require('./vet.js');
const result = await scanFile('/path/to/file.bin');

console.log(result.riskLevel);    // 'LOW', 'MEDIUM', 'HIGH'
console.log(result.flags);       // Array of detected issues
console.log(result.hexDump);      // Formatted hex output

javascript

const { scanFile } = require('./vet.js');

const result = await scanFile('./some file.js');
// Returns: { riskLevel, flags, hexDump, details }

javascript

const { scanDirectory } = require('./scan_all.js');

const results = await scanDirectory('./skills/');
// Returns: Array of scan results for each file

javascript

const { verifyIntegrity } = require('./verify.js');

const result = await verifyIntegrity('./starfragment.js');
// Returns: { valid, expected, actual }

Editorial read

Docs & README

Docs source

GITHUB OPENCLEW

Editorial quality

ready

Full README

name: hex-vetter version: 0.1.0 description: Physical-layer hex auditing for skills. Detects hidden binary data, control characters, and encoding-based attacks. author: Matrix-Meta license: GPL-3.0 tags:

security
hex
audit
binary-analysis

hex-vetter 🔬

Physical-layer hex auditing skill forects hidden binary data AI agents. Det, control characters, and encoding-based attacks.

Overview

hex-vetter performs deep hex-level analysis of files to detect what text-based reviewers miss. It's designed for security audits of skill packages, detecting hidden payloads, obfuscated code, and suspicious binary data.

Installation

git clone https://github.com/Matrix-Meta/hex-vetter.git
cd hex-vetter
npm install

Usage

Command Line

# Scan a single file
node vet.js <file_path>

# Scan a directory recursively
node scan_all.js <directory_path>

# Verify file integrity
node verify.js <file_path>

As a Module

const { scanFile } = require('./vet.js');
const result = await scanFile('/path/to/file.bin');

console.log(result.riskLevel);    // 'LOW', 'MEDIUM', 'HIGH'
console.log(result.flags);       // Array of detected issues
console.log(result.hexDump);      // Formatted hex output

What It Detects

| Flag | Description | |------|-------------| | NULL_BYTES | Null bytes (0x00) - signs of binary injection or file padding | | CONTROL_CHARS | Control characters (0x01-0x1F) - hidden terminal sequences | | UNICODE_OVERRIDE | Unicode directional overrides (LRO, RLO, etc.) | | HIGH_NON_ASCII | High ratio of non-ASCII bytes - Base64 or encoded payloads | | MAGIC_BYTES | Known magic bytes/signatures | | SUSPICIOUS_PATTERN | Pattern matching for common attack signatures |

API Reference

scanFile(filePath)

Scans a single file and returns analysis results.

const { scanFile } = require('./vet.js');

const result = await scanFile('./some file.js');
// Returns: { riskLevel, flags, hexDump, details }

scanDirectory(dirPath)

Recursively scans all files in a directory.

const { scanDirectory } = require('./scan_all.js');

const results = await scanDirectory('./skills/');
// Returns: Array of scan results for each file

verifyIntegrity(filePath)

Verifies file integrity using stored checksums.

const { verifyIntegrity } = require('./verify.js');

const result = await verifyIntegrity('./starfragment.js');
// Returns: { valid, expected, actual }

Risk Levels

🟢 LOW: Normal file, no suspicious content detected
🟡 MEDIUM: Some flags detected, manual review recommended
🔴 HIGH: Significant suspicious content, MUST be manually reviewed

Security Policy

Mandatory Review: Any file flagged as 🔴 HIGH RISK MUST be manually inspected by a human or a trusted agent before the skill is used.
False Positives: Risk ratings are heuristic. Common false positives include:
- .env mentions in .npmignore
- Documentation with encoded examples
- Compressed assets
Agent Action: If an agent performs an audit and finds HIGH RISK, it MUST:
- Notify the user immediately
- Provide the specific reason (e.g., signature match vs. binary data)
- Suggest next steps for manual review

Architecture

hex-vetter/
├── starfragment.js       # Core module (self-modifying storage)
├── scan_all.js          # Recursive directory scanner
├── verify.js            # Integrity verification
├── vet.js               # Main entry point
├── .primal_anchor       # Timestamp seed (gitignored)
├── .gitignore
├── LICENSE              # GPLv3
├── README.md
└── SKILL.md            # This file

Self-Modifying Storage

The starfragment.js module uses self-modifying storage - it reads and writes data from/to its own file at runtime. Constants are encoded and stored as valid JavaScript comments at the end of the source file.

License

GNU General Public License v3 (GPLv3) - See LICENSE file for details.

Contributing

Issues and pull requests are welcome on GitHub: https://github.com/Matrix-Meta/hex-vetter

API & Reliability

Machine endpoints, contract coverage, trust signals, runtime metrics, benchmarks, and guardrails for agent-to-agent use.

MissingGITHUB OPENCLEW

Machine interfaces

Contract & API

Endpoints

Dossier API Snapshot API Contract API Trust API

Contract coverage

Status

missing

Auth

None

Streaming

Data region

Unspecified

Protocol support

OpenClaw: self-declared

Requires: none

Forbidden: none

Guardrails

Operational confidence: low

No positive guardrails captured.

Invocation examples

curl -s "https://xpersona.co/api/v1/agents/matrix-meta-hex-vetter/snapshot"

curl -s "https://xpersona.co/api/v1/agents/matrix-meta-hex-vetter/contract"

curl -s "https://xpersona.co/api/v1/agents/matrix-meta-hex-vetter/trust"

Operational fit

Reliability & Benchmarks

Trust signals

Handshake

UNKNOWN

Confidence

unknown

Attempts 30d

unknown

Fallback rate

unknown

Runtime metrics

Observed P50

unknown

Observed P95

unknown

Rate limit

unknown

Estimated cost

unknown

Do not use if

Contract metadata is missing or unavailable for deterministic execution.

No benchmark suites or observed failure patterns are available.

Machine Appendix

Raw contract, invocation, trust, capability, facts, and change-event payloads for machine-side inspection.

MissingGITHUB OPENCLEW

Contract JSON

{
  "contractStatus": "missing",
  "authModes": [],
  "requires": [],
  "forbidden": [],
  "supportsMcp": false,
  "supportsA2a": false,
  "supportsStreaming": false,
  "inputSchemaRef": null,
  "outputSchemaRef": null,
  "dataRegion": null,
  "contractUpdatedAt": null,
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Invocation Guide

{
  "preferredApi": {
    "snapshotUrl": "https://xpersona.co/api/v1/agents/matrix-meta-hex-vetter/snapshot",
    "contractUrl": "https://xpersona.co/api/v1/agents/matrix-meta-hex-vetter/contract",
    "trustUrl": "https://xpersona.co/api/v1/agents/matrix-meta-hex-vetter/trust"
  },
  "curlExamples": [
    "curl -s \"https://xpersona.co/api/v1/agents/matrix-meta-hex-vetter/snapshot\"",
    "curl -s \"https://xpersona.co/api/v1/agents/matrix-meta-hex-vetter/contract\"",
    "curl -s \"https://xpersona.co/api/v1/agents/matrix-meta-hex-vetter/trust\""
  ],
  "jsonRequestTemplate": {
    "query": "summarize this repo",
    "constraints": {
      "maxLatencyMs": 2000,
      "protocolPreference": [
        "OPENCLEW"
      ]
    }
  },
  "jsonResponseTemplate": {
    "ok": true,
    "result": {
      "summary": "...",
      "confidence": 0.9
    },
    "meta": {
      "source": "GITHUB_OPENCLEW",
      "generatedAt": "2026-04-17T04:43:17.781Z"
    }
  },
  "retryPolicy": {
    "maxAttempts": 3,
    "backoffMs": [
      500,
      1500,
      3500
    ],
    "retryableConditions": [
      "HTTP_429",
      "HTTP_503",
      "NETWORK_TIMEOUT"
    ]
  }
}

Trust JSON

{
  "status": "unavailable",
  "handshakeStatus": "UNKNOWN",
  "verificationFreshnessHours": null,
  "reputationScore": null,
  "p95LatencyMs": null,
  "successRate30d": null,
  "fallbackRate": null,
  "attempts30d": null,
  "trustUpdatedAt": null,
  "trustConfidence": "unknown",
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Capability Matrix

{
  "rows": [
    {
      "key": "OPENCLEW",
      "type": "protocol",
      "support": "unknown",
      "confidenceSource": "profile",
      "notes": "Listed on profile"
    },
    {
      "key": "a",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "results",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    }
  ],
  "flattenedTokens": "protocol:OPENCLEW|unknown|profile capability:a|supported|profile capability:results|supported|profile"
}

Facts JSON

[
  {
    "factKey": "vendor",
    "category": "vendor",
    "label": "Vendor",
    "value": "Matrix Meta",
    "href": "https://github.com/Matrix-Meta/hex-vetter",
    "sourceUrl": "https://github.com/Matrix-Meta/hex-vetter",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:21:22.124Z",
    "isPublic": true
  },
  {
    "factKey": "protocols",
    "category": "compatibility",
    "label": "Protocol compatibility",
    "value": "OpenClaw",
    "href": "https://xpersona.co/api/v1/agents/matrix-meta-hex-vetter/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/matrix-meta-hex-vetter/contract",
    "sourceType": "contract",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:21:22.124Z",
    "isPublic": true
  },
  {
    "factKey": "traction",
    "category": "adoption",
    "label": "Adoption signal",
    "value": "1 GitHub stars",
    "href": "https://github.com/Matrix-Meta/hex-vetter",
    "sourceUrl": "https://github.com/Matrix-Meta/hex-vetter",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:21:22.124Z",
    "isPublic": true
  },
  {
    "factKey": "docs_crawl",
    "category": "integration",
    "label": "Crawlable docs",
    "value": "6 indexed pages on the official domain",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  },
  {
    "factKey": "handshake_status",
    "category": "security",
    "label": "Handshake status",
    "value": "UNKNOWN",
    "href": "https://xpersona.co/api/v1/agents/matrix-meta-hex-vetter/trust",
    "sourceUrl": "https://xpersona.co/api/v1/agents/matrix-meta-hex-vetter/trust",
    "sourceType": "trust",
    "confidence": "medium",
    "observedAt": null,
    "isPublic": true
  }
]

Change Events JSON

[
  {
    "eventType": "docs_update",
    "title": "Docs refreshed: Sign in to GitHub · GitHub",
    "description": "Fresh crawlable documentation was indexed for the official domain.",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  }
]

Overview

Executive Summary

Setup Snapshot

Evidence & Timeline

Evidence Ledger

Release & Crawl Timeline

Artifacts & Docs

Artifacts Archive

Docs & README

hex-vetter 🔬

Overview

Installation

Usage

Command Line

As a Module

What It Detects

API Reference

scanFile(filePath)

scanDirectory(dirPath)

verifyIntegrity(filePath)

Risk Levels

Security Policy

Architecture

Self-Modifying Storage

License

Contributing

API & Reliability

Contract & API

Reliability & Benchmarks

Media & Related

Media & Demo

Related Agents

Machine Appendix