Skill-Scanner-Pro
v0.1.4Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data...
⭐ 0· 342·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the delivered artifacts: a Python scanner (skill_scanner.py) and an optional Streamlit UI (streamlit_ui.py) that scan skill folders for threat patterns. No unrelated environment variables, binaries, or system-level credentials are requested. Minor provenance inconsistencies: registry metadata lists version 0.1.4 while _meta.json/README reference 0.1.3, and README suggests cloning a GitHub repo owned by 'bvinci1-design' while the registry owner is different—this is not a direct security issue but reduces confidence in source provenance.
Instruction Scope
SKILL.md and README instruct the agent/user to run the scanner against local skill folders or upload ZIPs/code in the Streamlit UI. The scanner's runtime behavior (reading files under the provided path, skipping ignored directories, and reporting matches) aligns with the stated purpose. It does read file contents from paths you point it at (including SKILL.md, code files, and uploaded archives) — expected for a scanner.
Install Mechanism
No install spec is provided (instruction-only installer) and the scanner claims to use only the Python standard library. The Streamlit UI is optional and requires installing the streamlit package if you want the web interface. There are no remote downloads or archive extraction steps performed by the skill itself; README suggests cloning the GitHub repo (standard practice) but that is an out-of-band action the user performs.
Credentials
The skill does not request any environment variables or credentials. The scanner intentionally scans targets for uses of credential paths and environment access (that is its purpose). Be aware it will read any files you point it at — do not point it at sensitive directories unless you intend it to scan them.
Persistence & Privilege
The skill is not marked always:true and does not request elevated or persistent system privileges. The Streamlit UI and CLI use temporary directories for uploaded content; no code in the provided snippets indicates modification of other skills or system settings. Standard caution: run untrusted code (including tools) in isolated environments when possible.
Assessment
This package appears to be a straightforward local static scanner and UI for auditing Clawdbot/MCP skills. Before installing or running it: 1) Verify the source — confirm the GitHub repository and registry owner match and review the full repo for unexpected network calls or shell execution (the README points to a GitHub repo whose owner differs from the registry owner). 2) Run the scanner on copies of skill folders in an isolated environment (container or VM), not as root, particularly when scanning untrusted skills. 3) Expect false positives (patterns like '.env' or credential path mentions will be flagged) — review findings manually. 4) If you use the Streamlit UI, install streamlit in a controlled environment; the UI writes uploaded files to a temporary directory. 5) If you need higher assurance, review the full, untruncated source for any hidden network access or subprocess execution before trusting it with sensitive directories.Like a lobster shell, security has layers — review code before you run it.
latestvk977gdw4a64fjcza5790k9943x81ysbw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.