Install
openclaw skills install @certainlogicai/ai-agent-skill-scannerSecurity scanner for AI agent skills. Detects hardcoded secrets, unsafe code execution, prompt injection, and malware patterns in under 50ms. Scan before you install.
openclaw skills install @certainlogicai/ai-agent-skill-scannerScan any skill for security issues before you install it. Detects hardcoded secrets, unsafe code execution, prompt injection, and malware patterns in under 50ms.
# Scan any installed skill folder
python3 scripts/vetter.py /path/to/skill
# JSON output for scripting
python3 scripts/vetter.py /path/to/skill --json
| Issue | Severity | Example |
|---|---|---|
eval() / exec() | Critical | Runs arbitrary code |
| Pipe to shell | Critical | `curl ... |
| Destructive commands | Critical | rm -rf /, mkfs. |
os.system() | Critical | Shell commands |
| Hardcoded API keys | High | api_key, apikey |
shell=True | High | Shell injection risk |
| Hardcoded secrets | High | auth_token, secret |
| Credential file access | High | .ssh/, .aws/ |
| Sudo elevation | High | sudo commands |
| Base64 obfuscation | High | Hidden code execution |
| Git config access | High | .git/config reads |
| Password hardcoding | High | password literal |
| Permission overrides | Medium | chmod 777 |
| Network calls | Medium | requests.post() |
node_modules/, __pycache__/, .git/ (reduced false positives)--verbose flag for skipped file countsScanned 430 files in 368ms (skipped 6)
Found 1 issue(s):
[CRITICAL] pipe-to-shell at install.sh:26
→ Remote code execution risk: downloading and piping to shell
clawhub install ai-agent-skill-scanner
clawhub star ai-agent-skill-scanner — clawhub sync