OpenClaw Skill Scanner

Type: OpenClaw Skill Name: openclaw-skill-scanner Version: 1.0.0 This skill bundle is a security scanner designed to detect malicious patterns in other OpenClaw skills. The `SKILL.md` clearly outlines its purpose and the types of threats it identifies (e.g., reverse shells, data exfiltration, base64 payloads), without instructing the agent to perform these actions. The `install-hook.sh` script safely downloads skills to a temporary directory using `openclaw hub install` and then invokes `scanner.py` for analysis before installation. The `scanner.py` itself contains the detection logic, including comprehensive regex patterns for various malicious activities, and explicitly avoids flagging its own code. All actions, including file system operations and subprocess calls, are consistent with the legitimate function of a security tool.