ClawHub

Security Skill Scanner

v2.0.0

Scans OpenClaw skills for security vulnerabilities and suspicious patterns before installation

7· 2.3k·9 current·9 all-time
by@anikrahman0
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided artifacts: scanner.js, test.js, examples, and a SKILL.md that documents CLI and programmatic usage. No unrelated environment variables, binaries, or install hooks are requested. The files and examples justify the scanner purpose.
Instruction Scope
SKILL.md instructs the agent to read skill markdown and optionally run scanner.js locally; it also documents scanning an installed-skills directory (~/.openclaw/skills/). That read access is appropriate for the task, but the scanner searches arbitrary files and will surface anything it finds (including sensitive content embedded in skills). The project uses broad regexes (e.g., backticks, template string, ${...}) which the README already warns will produce false positives.
Install Mechanism
No install spec is provided (instruction-only skill for OpenClaw) and the included Node.js scripts have no external package downloads. scanner.js is a single-file, zero-dependency Node tool (shebang present). This is low-risk compared to remote downloads or executing fetched archives.
Credentials
The skill requests no environment variables or credentials. It does require read access to skill files/directories to operate (explicitly documented). That file access is proportionate to its purpose but could expose secrets if those appear in scanned files — the README properly warns users to review flagged items manually.
Persistence & Privilege
Flags: always is false and the skill is user-invocable. The scanner declares itself read-only and the code reads files but does not attempt to persist changes or modify other skills/config. No evidence of system-wide config modification or forced persistence.
Assessment
This scanner appears to be what it claims: a local, regex-based SKILL.md scanner. Before running it, review the included scanner.js yourself (it's provided) and run it in a safe environment. Be aware: the tool intentionally uses broad regexes and will produce false positives (the README documents this). When scanning a directory, the scanner will read all files you point it at — do not scan directories that contain secrets you don't want a tool or its logs to access. If you plan to automate scans, consider running the scanner on a dedicated sandbox or CI job and review its whitelist configuration (.security-scanner-config.json). Finally, if you want higher assurance, confirm scanner.js exports and test behavior locally (node test.js) and verify the GitHub repository/commit history and maintainer identity before adopting it as part of an automated install pipeline.

Like a lobster shell, security has layers — review code before you run it.

ai-agentsvk97ertys45k4ga3ezpxv8hesbn80vgcylatestvk970b0kstde6w48r5a7ph70ek5818xhxmalware-detectionvk97ertys45k4ga3ezpxv8hesbn80vgcysafetyvk97ertys45k4ga3ezpxv8hesbn80vgcysecurity scannervk97ertys45k4ga3ezpxv8hesbn80vgcysecurity-toolsvk97ertys45k4ga3ezpxv8hesbn80vgcyvalidationvk97ertys45k4ga3ezpxv8hesbn80vgcy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments