{"skill":{"slug":"skill-security-scan","displayName":"Skill Scanner","summary":"Security checks for installing skills, packages, or plugins. Use BEFORE any `npm install`, `openclaw plugins install`, `clawhub install`, or similar install...","tags":{"latest":"1.0.0"},"stats":{"comments":0,"downloads":212,"installsAllTime":2,"installsCurrent":2,"stars":0,"versions":1},"createdAt":1773690891395,"updatedAt":1777526142837},"latestVersion":{"version":"1.0.0","createdAt":1773690891395,"changelog":"- Major update: Migrated from an automated shell audit tool to a comprehensive pre-install security checklist and manual review workflow.\n- Removed all audit scripts and blocklist/allowlist files; the skill no longer performs automated scanning.\n- Added detailed, actionable checklists for vetting sources, popularity, dependencies, lifecycle scripts, and post-install risks.\n- Expanded instructions to cover npm and ClawHub skill/package/plugin installs, including dynamic content, core file protection, and reporting known attack campaigns.\n- Focus is now on practical user guidance for risk assessment at install-time, rather than automated post-hoc scanning.","license":"MIT-0"},"metadata":null,"owner":{"handle":"sudhindrat","userId":"s174kxx0dw319dwywagpszag9x83ntbs","displayName":"sudhindrat","image":"https://avatars.githubusercontent.com/u/159858314?v=4"},"moderation":null}