skill-scanner
v1.0.0
Security-first skill vetting for AI agents on OpenClaw and Claude Code. Scans any SKILL.md for malicious patterns, permission abuse, prompt injection, and Cl...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the instructions: the SKILL.md describes fetching/parsing SKILL.md content from URLs, GitHub raw, or local paths and running static checks. No unrelated binaries, environment variables, or config paths are requested in the registry metadata.
Instruction Scope
Runtime instructions are limited to fetching/parsing SKILL.md content, running pattern checks, and returning evidence-backed flags. It explicitly accepts pasted content, local skill paths (~/.openclaw/skills/[name]/SKILL.md), and URLs. This file access and optional network fetch are coherent with the stated scanning purpose. The 'proactively offer to scan' guidance is broad but not dangerous by itself.
Install Mechanism
No install spec and no code files are present — this is instruction-only. That minimizes risk because nothing is written to disk or executed beyond the platform's normal agent behavior.
Credentials
The skill declares no required env vars, no primary credential, and no special config paths. The instructions reference local skill paths and remote URLs only — appropriate for a scanner and proportional to its function.
Persistence & Privilege
Flags: always=false and default model invocation allowed. There is no request for permanent presence, no modification of other skills' configs, and no privilege escalation behavior in the SKILL.md. Autonomous invocation is platform-default and not, by itself, a concern here.
Assessment
This skill is internally consistent and reasonable for scanning SKILL.md files. Before using it:
1) Only allow network fetching when you trust the remote host — fetching an arbitrary URL could expose the skill to network-based hazards; prefer pasting content if you don't want the agent to fetch.
2) Be aware the scanner will read local SKILL.md files if you supply a path (e.g., ~/.openclaw/skills/...), so avoid passing files that contain secrets.
3) Treat the scanner's output as advisory — it can miss novel obfuscation techniques; for high assurance, run additional, isolated checks or inspect flagged lines manually.
4) If you plan to let the agent run scans automatically on install, consider restricting auto-fetching and reviewing any flagged evidence before installing a skill.
Like a lobster shell, security has layers — review code before you run it.
