ClawSkillShield

v1.0.0

Locally scans OpenClaw/ClawHub skills for security risks like hardcoded secrets, dangerous calls, and risky imports, then scores and quarantines threats.

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/SKILL.md/README describe a local static scanner and included Python modules implement that scanner. The requested resources (no env vars, no external binaries) are proportional. Minor oddity: the analyzer flags 'risky imports' such as os/open but the scanner itself uses os and open to perform filesystem operations; this is explainable (the scanner needs filesystem access) but should be documented to avoid confusion.
Instruction Scope
SKILL.md and README present a Python API example that does not match the implementation. Examples show: 'threats = scan_local(...)' and then 'if risk_score < 4: quarantine(...)'. In the actual code, scan_local(path) returns a formatted string report, not a threats list or a numeric risk score. There is no exported function that directly returns a numeric risk score to callers. Also the CLI/API allows an agent to call quarantine(path), which moves the target path into ~/.openclaw/quarantine — functional for quarantine but potentially destructive if invoked on the wrong path. The instructions give agents the discretion to auto-quarantine; that combination of autonomous invocation + move behavior requires caution.
Install Mechanism
No install spec was provided by the registry (instruction-only) but the package contains a pyproject and console entrypoint so it can be installed with pip locally. There are no external downloads, no network calls in code, and no extract-from-URL behavior — low install risk.
Credentials
No environment variables, credentials, or config paths are requested. The only filesystem write is the quarantine directory under the user's home (~/.openclaw/quarantine) which is consistent with a quarantine feature.
Persistence & Privilege
always is false (no forced inclusion). The skill can be invoked autonomously (default). Because it implements quarantine by moving directories, an autonomous agent using the provided example could move user files. This is not necessarily malicious, but it is a privileged destructive action that should be gated behind safe checks and correct API behavior (see mismatch noted above).
What to consider before installing
This package appears to implement a local static scanner and quarantine facility and does not make network calls or request secrets — that part is coherent. However, the documentation examples and the actual Python API do not match: scan_local() returns a formatted string report, not a list of threats or a numeric risk_score as shown in the README/SKILL.md. That means agent code copied from the docs could behave incorrectly (or fail) and might mis-handle quarantine decisions. Before installing or giving an agent the ability to call this skill autonomously:

  1) Review and fix the API/documentation mismatch (either return structured data and a numeric score from scan_local or update docs/examples).
  2) Add a function that returns structured results (threat list + numeric score) so agents can make safe decisions programmatically.
  3) Add safety checks around quarantine (confirm path is a skill folder, prevent system-path moves, require explicit confirmation or a dry-run mode).
  4) Test the quarantine behavior in a sandbox so you’re comfortable that moving directories to ~/.openclaw/quarantine won’t delete or hide important data.

If you plan to enable autonomous agent invocation, only do so after these safeguards are implemented and reviewed.
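One way to gate a quarantine move behind the checks recommended above. This is an added example, not code from ClawSkillShield: the names check_quarantine_target, safe_quarantine and QuarantineRefused are hypothetical, and it assumes a skill folder is recognisable by a SKILL.md file at its top level.

```python
import shutil
from pathlib import Path

# Quarantine location named in the report; expanded when used.
QUARANTINE_DIR = Path("~/.openclaw/quarantine")


class QuarantineRefused(Exception):
    """Raised when a path fails a pre-move safety check."""


def check_quarantine_target(path, quarantine_dir=QUARANTINE_DIR):
    """Return the resolved path if it is safe to move, else raise."""
    target = Path(path).expanduser().resolve()   # resolve() also follows symlinks
    qdir = Path(quarantine_dir).expanduser().resolve()
    if not target.is_dir():
        raise QuarantineRefused(f"not a directory: {target}")
    # Assumption: a skill folder carries SKILL.md at its top level.
    if not (target / "SKILL.md").is_file():
        raise QuarantineRefused(f"no SKILL.md, not a skill folder: {target}")
    # Refuse the home directory, the quarantine directory and all their
    # ancestors, which covers "/" and other system-level parents.
    for protected in (Path.home().resolve(), qdir):
        if target == protected or target in protected.parents:
            raise QuarantineRefused(f"protected path: {target}")
    if qdir in target.parents:
        raise QuarantineRefused(f"already quarantined: {target}")
    return target


def safe_quarantine(path, quarantine_dir=QUARANTINE_DIR, dry_run=True):
    """Move a vetted skill folder into quarantine and return its destination.

    With dry_run=True (the default) nothing is moved; the planned
    destination is returned so a caller can confirm it first.
    """
    target = check_quarantine_target(path, quarantine_dir)
    qdir = Path(quarantine_dir).expanduser().resolve()
    dest = qdir / target.name
    n = 1
    while dest.exists():                  # never overwrite an earlier quarantine
        dest = qdir / f"{target.name}.{n}"
        n += 1
    if not dry_run:
        qdir.mkdir(parents=True, exist_ok=True)
        shutil.move(str(target), str(dest))
    return dest
```

Because dry_run defaults to True, an agent has to opt in explicitly before any directory is moved.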

Like a lobster shell, security has layers — review code before you run it.

Tags: agent-safety, latest, quarantine, scanner, security
1.5k downloads
1 star
1 version
Updated 1mo ago
v1.0.0
MIT-0

ClawSkillShield 🛡️

Local-first security scanner for OpenClaw/ClawHub skills.

What It Does

  • Static analysis for security risks and malware patterns
  • Detects:
    • Hardcoded secrets (API keys, credentials, private keys)
    • Risky imports (os, subprocess, socket, ctypes)
    • Dangerous calls (eval(), exec(), open())
    • Obfuscation (base64 blobs, suspicious encoding)
    • Hardcoded IPs
  • Risk scoring (0–10) + detailed threat reports
  • Quarantine high-risk skills automatically
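A sketch of how three of the listed checks (risky imports, dangerous calls, hardcoded IPs) can be done on the syntax tree rather than with text matching, so that comments and string literals do not trigger call findings. This is an added example, not ClawSkillShield's own code; scan_source, the finding fields and the sample input are constructed for illustration.

```python
import ast
import re

RISKY_IMPORTS = {"os", "subprocess", "socket", "ctypes"}   # from the list above
DANGEROUS_CALLS = {"eval", "exec", "open"}                  # from the list above
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def scan_source(source, filename="<skill>"):
    """Return a list of finding dicts with keys 'line', 'kind', 'detail'."""
    findings = []

    def add(node, kind, detail):
        findings.append({"line": node.lineno, "kind": kind, "detail": detail})

    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            names = []
        for name in names:
            if name.split(".")[0] in RISKY_IMPORTS:
                add(node, "risky-import", name)
        # Only real call expressions count, not text that looks like a call.
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in DANGEROUS_CALLS):
            add(node, "dangerous-call", node.func.id)
        if (isinstance(node, ast.Constant) and isinstance(node.value, str)
                and IPV4.match(node.value)):
            add(node, "hardcoded-ip", node.value)
    return sorted(findings, key=lambda f: (f["line"], f["kind"]))


# Constructed sample input, not taken from any real skill.
SAMPLE = '''\
import subprocess
from os import path
HOST = "203.0.113.7"
def run(cmd):
    return eval(cmd)
# eval("this comment is not a call")
note = "exec(payload) inside a string is not a call"
'''

FINDINGS = scan_source(SAMPLE)
```

Returning a list of dicts instead of a formatted string lets a caller filter or count findings before deciding what to do with the skill.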

Dual-Use Design

  • CLI for humans: Quick safety checks before installing skills
  • Agent API: Importable functions for autonomous agents/Moltbots to proactively scan and quarantine risky skills (essential post-ClawHavoc)

Quick Start

CLI (Humans)

pip install -e .
clawskillshield scan-local /path/to/skill
clawskillshield quarantine /path/to/skill

Python API (Agents)

from clawskillshield import scan_local, quarantine

threats = scan_local("/path/to/skill")
if risk_score < 4:  # HIGH RISK
    quarantine("/path/to/skill")

Zero Dependencies

Pure Python. No network calls. Runs entirely locally.

Why This Matters

ClawHavoc demonstrated how easily malicious skills can slip into the ecosystem. ClawSkillShield provides a trusted, open-source defense layer—audit the code, run offline, stay safe.


GitHub: https://github.com/AbYousef739/clawskillshield
License: MIT
Author: Ab Yousef
Contact: contact@clawskillshield.com
