Security Scanner
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: security-scanner Version: 1.0.0 The skill bundle defines a security scanner that utilizes common, legitimate security tools such as nmap, nuclei, sslscan, nikto, and testssl.sh. The instructions in SKILL.md are clear, directly align with the stated purpose of vulnerability scanning, and include ethical guidelines for responsible use. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts designed to subvert the agent for harmful activities. The network and file access are inherent to the functionality of a security scanning tool.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could help run scans that generate network traffic and probe services, so misuse could create legal, operational, or trust issues.
This is an active full-port and service scan command; it is purpose-aligned for a security scanner, but it can be intrusive or unauthorized if run against the wrong target.
nmap -p- -sV -sC -A TARGET -oN full_scan.txt
Only use this skill for systems you own or have written permission to test, and provide a precise target scope before running scans.
Results and safety depend on whatever local scanner binaries are installed, which may vary by machine or provenance.
The skill documentation references external tools, but the registry metadata does not declare or install them, so users must ensure they are using trusted, up-to-date installations.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Install security tools from trusted sources, keep them updated, and verify versions before relying on scan results.