Install
openclaw skills install cisco-skill-scannerCisco AI Skill Scanner
Scan agent skills for security threats using the Cisco AI skill-scanner CLI. Triggers on: scan skill for security, check skill safety, audit skill code, skill-scanner, detect prompt injection in skill, skill malware check, scan skills directory, security audit skill, validate skill before publishing, skill threat detection.
Cisco AI Skill Scanner
Security scanner for agent skills. Detects prompt injection, data exfiltration, credential harvesting, and malicious code patterns using static analysis, behavioral dataflow, and optional LLM-as-a-judge.
Quick Scan (recommended default)
bash scripts/scan.sh /path/to/skill
Commands
Scan a single skill
skill-scanner scan /path/to/skill
Scan with behavioral analysis (dataflow)
skill-scanner scan /path/to/skill --use-behavioral
Full scan (all engines, requires API key)
SKILL_SCANNER_LLM_API_KEY="$ANTHROPIC_API_KEY" \
SKILL_SCANNER_LLM_MODEL="claude-sonnet-4-5" \
skill-scanner scan /path/to/skill --use-behavioral --use-llm --enable-meta --llm-provider anthropic
Scan all skills in a directory
skill-scanner scan-all /root/clawd/skills --recursive --use-behavioral
Scan with detailed markdown report
skill-scanner scan /path/to/skill --use-behavioral --format markdown --detailed
Scan before publishing to ClawHub
skill-scanner scan /path/to/skill --use-behavioral --fail-on-severity medium
Severity Levels
- CRITICAL / HIGH — Do not install/publish. Review and fix immediately.
- MEDIUM — Suspicious patterns. Investigate before use.
- LOW — Minor issues. Document and accept risk or fix.
- INFO — Informational only (e.g. missing license). Safe to publish.
- SAFE (0 findings) — No known threat patterns detected.
Key Flags
| Flag | Purpose |
|---|---|
--use-behavioral | AST dataflow analysis (recommended, no API key needed) |
--use-llm | LLM semantic analysis (requires API key) |
--enable-meta | False positive filtering |
--fail-on-severity high | Exit non-zero if HIGH/CRITICAL found (CI/CD) |
--format markdown | Markdown report |
--format html | Interactive HTML report |
--detailed | Include per-finding code snippets |
--lenient | Tolerate malformed skills |
Workflow: Before Publishing a Skill to ClawHub
- Run:
bash scripts/scan.sh /path/to/skill - If SAFE (0 findings) → proceed to publish
- If INFO only → add missing fields (license, homepage, deps) and re-scan
- If MEDIUM+ → investigate and fix before publishing
Notes
- "No findings" does not guarantee a skill is 100% safe -- it means no known patterns were detected
- The scanner flags the
lossless-clawplugin as a false positive (file read + network send is the LCM summarization pipeline -- it is safe) - Always run at minimum
--use-behavioralfor dataflow coverage