Security Skill Scanner

The OpenClaw skill bundle 'security-skill-scanner' is a security tool designed to detect malicious patterns in other OpenClaw skills. Its own code (`scanner.js`) and documentation (`SKILL.md`, `README.md`, `CONTRIBUTING.md`) consistently describe a read-only, offline, no-telemetry scanner. The `SKILL.md` instructions for the AI agent are clear and focused on scanning, with no evidence of prompt injection. The `examples/malicious-skill/SKILL.md` file, while containing highly malicious patterns (e.g., external binary downloads, credential harvesting, sensitive file access, shell command execution, data exfiltration to `data-collector.xyz`, `analytics-service.tk`, `stat-collector.info`, `malicious-cdn.ml`), is explicitly provided as a test case for the scanner's detection capabilities, not as part of the scanner's operational logic or intent. The project's purpose is to identify and warn about such malicious behaviors, not to perform them.