ClawHub

isnad-scan

v1.0.0

Scan AI agent skills for security vulnerabilities — detects code injection, prompt injection, credential exfiltration, supply chain attacks, and 69+ threat p...

0· 491·1 current·2 all-time
byRapi@0xrapi
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (a scanner) matches the declared requirement: the isnad-scan binary. No unrelated env vars, config paths, or surprising binaries are requested.
Instruction Scope
SKILL.md only instructs running the scanner on a path and shows flags and a Python API. This stays within the stated purpose. Caveats: using --cve implies network queries to OSV.dev (expected for CVE checks) and the Python import example means the package code will be imported into the agent process — SKILL.md does not state whether the scanner performs any dynamic execution of scanned code or telemetry/remote submission of findings.
Install Mechanism
SKILL.md includes a pipx install entry for isnad-scan (PyPI), which is a standard mechanism. The registry metadata noted 'No install spec', creating a minor inconsistency between declared registry install specs and the SKILL.md. Installing from PyPI via pipx is moderate risk but expected for a Python tool; there are no ad-hoc downloads or unknown URLs.
Credentials
No environment variables or credentials are requested, which is proportionate to a scanner. The only external access implied is CVE lookups (public OSV.dev) and possibly GitHub/PyPI lookups referenced in the README links.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent elevated presence or attempt to modify other skills. Autonomous invocation is allowed (platform default) but not by itself a concern here.
Assessment
This skill appears to be a thin integration for the isnad-scan tool and is coherent with its description. Before installing: (1) verify the pip package and GitHub repo (pip install isnad-scan / https://github.com/counterspec/isnad) to ensure you trust the upstream maintainer; (2) if you care about privacy, run scans on copies of sensitive data and be aware that --cve will perform network queries to OSV.dev; (3) inspect the isnad-scan package source (or GitHub) before pipx installing, since the Python import example means code will run inside your agent process; (4) confirm whether the tool performs any dynamic execution of scanned code or telemetry/remote uploads (not documented in SKILL.md). These checks will reduce risk before you give the agent permission to run the scanner.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🛡️ Clawdis
Binsisnad-scan
latestvk9758h6xyseys2m1j30g6z269s81gwsy
491downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Rapi@0xrapi
latest
Download

isnad-scan — Security Scanner for AI Agent Skills

Scan any skill, package, or directory for security threats before installing or running it.

Quick Scan

isnad-scan <path>

Scans a directory and reports findings by severity (CRITICAL, HIGH, MEDIUM, LOW).

Options

isnad-scan <path> --cve          # Also check dependencies for known CVEs (via OSV.dev)
isnad-scan <path> -v             # Verbose output (show matched lines)
isnad-scan <path> --json         # Machine-readable JSON output
isnad-scan <path> --cve -v       # Full audit: CVEs + verbose findings

What It Detects (69+ patterns)

Code Injection — shell execution, eval, exec, subprocess, os.system, dynamic imports Prompt Injection — role override attempts, instruction hijacking, jailbreak patterns Credential Exfiltration — env var harvesting, keychain access, token theft, file reads of sensitive paths Network Threats — reverse shells, DNS exfiltration, unauthorized outbound connections, webhook data leaks Filesystem Attacks — path traversal, symlink attacks, /etc/passwd reads, SSH key access Supply Chain — typosquatting detection, minified JS analysis, binary file scanning, hidden files Crypto Risks — weak algorithms, hardcoded keys, wallet seed extraction

When to Use

  1. Before installing a new skill — scan the skill directory first
  2. Auditing existing skills — periodic security review
  3. Reviewing PRs/contributions — catch malicious code in submissions
  4. Pre-publish validation — ensure your own skills are clean before sharing
  5. CI/CD integrationisnad-scan . --json for automated checks

Interpreting Results

🔴 CRITICAL  — Immediate threat. Do not install/run.
🟠 HIGH      — Likely malicious or dangerous. Review carefully.
🟡 MEDIUM    — Suspicious pattern. May be legitimate, verify intent.
🔵 LOW       — Informational. Common in legitimate code but worth noting.

Examples

Scan a ClawHub skill before installing:

isnad-scan ./skills/some-new-skill/

Full audit with CVE checking:

isnad-scan ./skills/some-new-skill/ --cve -v

JSON output for automation:

isnad-scan . --json | python3 -c "import sys,json; d=json.load(sys.stdin); print(f'{d[\"summary\"][\"critical\"]} critical, {d[\"summary\"][\"high\"]} high')"

Python API

from isnad_scan import scan_directory

results = scan_directory("/path/to/skill")
for finding in results.findings:
    print(f"[{finding.severity}] {finding.category}: {finding.description}")
    print(f"  File: {finding.file}:{finding.line}")

About ISNAD

ISNAD (إسناد) means "chain of transmission" — a method for verifying the authenticity of transmitted knowledge. isnad-scan is the security layer of the ISNAD Protocol, bringing trust verification to the AI agent skill ecosystem.

PyPI: pip install isnad-scan GitHub: counterspec/isnad Protocol: isnad.md

Comments

Loading comments...