Security Checker
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: security-checker
Version: 1.0.1
The OpenClaw skill 'security-checker' is a static analysis tool for Python code. The `SKILL.md` clearly describes its purpose: to identify dangerous imports, functions, hardcoded secrets, and unsafe file operations. It contains no prompt injection attempts or instructions for malicious agent behavior. The `scripts/security_scan.py` script implements this functionality by reading Python files and using regular expressions to detect patterns. It performs static analysis only: it does not execute any dangerous commands, make network calls, modify files, or attempt to exfiltrate data. Its file access is limited to reading the specified target files and directories, which is necessary for its stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at a large or sensitive directory, it will read local Python files and print file names and warnings, although it does not print detected secret values or upload data.
The scanner recursively reads Python files from a user-supplied path. This is necessary for its purpose, but a broad path could cause it to inspect more local code than intended.
    target = Path(sys.argv[1])
    ...
    elif target.is_dir():
        all_issues = scan_directory(target)
    ...
    for py_file in directory.rglob('*.py'):

Run it only on the specific skill directory or files you intend to review.
If copied or followed blindly, a passing scan could be treated as approval to publish before final human review.
The documentation includes a publishing command as part of a pre-publish workflow. It is disclosed and related to the stated use case, but publishing is a public, high-impact action.
    # 4. Only publish if scan passes
    clawhub publish /path/to/skill --slug my-skill
    ...
Treat scan results as advisory and require explicit user approval before running any publish command.
