Openclaw Skill Scanner
Pass. Audited by ClawScan on May 10, 2026.
Overview
This is a coherent security-scanning helper that performs the advertised local scans and optional quarantine, with no evidence of hidden data theft or malicious behavior.
This skill appears safe to use as a local OpenClaw skill-scanning helper, but review the external tools it installs or runs, verify the missing systemd reference files before enabling auto-scan, and understand that the optional background mode can automatically quarantine installed skills.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the auto-scan service is enabled, a skill with High/Critical scanner findings may be moved out of the active skills folder automatically.
The skill documents optional persistent background scanning and automatic quarantine of installed skills. This is aligned with the security-gate purpose, but it can change the user's local skill set without a per-event prompt once enabled.
Any change under `~/.openclaw/skills/` triggers `scripts/auto_scan_user_skills.sh` ... If High/Critical findings exist, the script moves failing skill directories to: `~/.openclaw/skills-quarantine/<skillname>-<timestamp>`
Enable the systemd auto-scan only if you want automatic quarantine behavior; keep backups or review the quarantine folder and scan reports after changes.
The security gate depends on external code from GitHub and Python dependencies resolved by uv.
The setup pulls and builds an external scanner repository without pinning a commit or release. This is expected for the scanner's purpose, but it means the exact code being trusted can change over time.
```
git clone https://github.com/cisco-ai-defense/skill-scanner
cd skill-scanner
CC=gcc uv sync --all-extras
```
For stronger supply-chain assurance, install a reviewed release or pinned commit of skill-scanner and keep dependency lockfiles under review.
Installing from ClawHub through this helper runs the clawhub CLI via npx and downloads skill content before scanning it.
The ClawHub install wrapper invokes npx to fetch/run the clawhub CLI and download skills into a staging directory. This is purpose-aligned, but it relies on the package source and current package resolution.
```
( cd "$STAGE_DIR" && npx -y clawhub --workdir "$STAGE_DIR" --dir skills "${INSTALL_ARGS[@]}" )
```
Use a trusted npm configuration and consider pinning or preinstalling a known-good clawhub CLI version if reproducibility matters.
The documented systemd setup command may fail because the referenced unit-template files are not included in the provided file list.
SKILL.md says systemd templates are bundled under references/, but the supplied manifest contains only SKILL.md and scripts. This appears to be an incomplete packaging/documentation issue rather than malicious behavior.
5 file(s): SKILL.md; scripts/auto_scan_user_skills.sh; scripts/clawhub_scan_install.sh; scripts/scan_and_add_skill.sh; scripts/scan_openclaw_skills.sh
Before relying on auto-scan, verify the systemd unit files are actually present and inspect their contents.
