SecurityClaw
v1.0.0
Security-first skill auditing and quarantine for OpenClaw skills. Use when installing new skills, reviewing skills from unknown sources, scanning skills for prompt injection/exfiltration/supply-chain risks, or when a bot suspects a skill is malicious. Guides static + optional sandbox checks, quarantines suspicious skills, and produces an owner-action checklist (Delete / Report / Allow / Scan all).
⭐ 3 · 1.9k · 7 current · 7 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan · OpenClaw
Benign · high confidence

Purpose & Capability
Name/description match what is present: an instruction doc plus a Python scanner that looks for risky patterns and can move (quarantine) skill folders. The skill does not declare unrelated env vars or external services.
Instruction Scope
SKILL.md instructs running the bundled scanner in read-only mode by default and only quarantining when explicitly requested; dynamic (sandbox) checks are described as optional and limited. The README includes example commands and a clear quarantine workflow. The SKILL.md does include an example prompt-injection phrase (used as a detection example) — this is expected for a scanner and not evidence of malicious intent.
Install Mechanism
No install spec and no external downloads. The scanner is instruction-only with a single included Python script; this is the lowest-risk installation model for this functionality.
Credentials
No environment variables, no credentials, and no config paths are requested. The scanner only needs filesystem access to the skills directory and an optional quarantine directory, which matches its purpose.
Persistence & Privilege
always:false and default model-invocation behavior are appropriate. The scanner can move directories when run with --quarantine, so it requires filesystem write permission to the provided skills path; this is expected but the user should ensure the script is invoked with the intended target path and not run as an overly privileged account.
Scan Findings in Context
[prompt_injection] expected: The pre-scan flagged 'ignore-previous-instructions' found inside SKILL.md. This phrase is intentionally referenced in the skill docs and rule catalog as an example of prompt-injection content the scanner should detect; flagging it is expected and not itself malicious.
Assessment
This skill is internally coherent for scanning and quarantining other skills. Before running:
(1) review the bundled Python script (you already did) and confirm it will be run against the correct skills directory;
(2) run it read-only first (no --quarantine) and examine report.json;
(3) if you use --quarantine, run it as a normal user (not root) so it can only move files the user can already modify;
(4) if you plan to perform dynamic sandboxing, follow the sandboxing.md guidance (run in an isolated VM/container with no network and no access to OpenClaw secrets);
(5) remember the SKILL.md contains examples of attack markers (e.g., 'ignore previous instructions') which the scanner will flag — that's expected.
If you need higher assurance, run the scanner on a copy of your skills folder or in a disposable environment first.

Like a lobster shell, security has layers — review code before you run it.
latest · vk97a6vgt75zms6d3at3asdg5qn80fap4
