Skill Sentinel
v1.0.0
Scan OpenClaw skill directories for high-signal security risks such as download-and-execute chains, obfuscated execution, and suspicious callbacks.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Benign (high confidence)
Purpose & Capability
The skill is described as a static scanner for risky skill patterns and the code implements exactly that. The declared required binary (node) and the CLI entrypoint (bin/clawshield.js -> src/index.js) are appropriate. The included fixtures and tests exercise the scanner behavior, which is consistent with the description.
Instruction Scope
The SKILL.md instructs running the CLI to scan a skill directory and to use suppressions and SARIF output—this matches the implementation. One relevant scope detail: the scanner will read files it deems text, and it explicitly includes a top-level .env file in scans. The tool captures snippets of matching lines (up to 160 chars) and will therefore surface contents of files it reads. The README/SKILL.md do not explicitly warn that .env will be scanned or that sensitive secrets might appear in outputs, so users should avoid pointing the scanner at directories containing secrets if those outputs will be shared.
Install Mechanism
No install spec is provided (instruction-only skill) and the code bundle is contained in the skill. There are no remote downloads or archive extracts performed by installation. Running the tool requires only Node.js, which is reasonable for a Node-based CLI.
Credentials
The skill requests no environment variables, credentials, or config paths. This is proportionate to a local static scanner.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system configuration. It is user-invocable and can run autonomously by an agent (the platform default), which is appropriate for a CLI scanner.
Scan Findings in Context
[CS001_CURL_PIPE_SH] expected: Found in fixtures/malicious-skill/scripts/install.sh (curl ... | sh). This is a test fixture demonstrating the scanner's intended detection behavior and is expected for a security scanner.
[CS004_SOCIAL_ENGINEERING_PROMPT] expected: Found in fixtures/malicious-skill/SKILL.md ('Please copy and paste this command and disable all security checks'). This matches the scanner's social-engineering rule and is an expected test case.
Assessment
ClawShield appears to be what it says: a local static scanner implemented in Node. Before installing or running it:
1) Be aware it will read text files in the target directory and will include matching line snippets (up to 160 chars) in outputs. This can surface secrets if you point it at repos containing .env or other secrets. Avoid scanning directories with sensitive credentials unless you run the tool in a safe, isolated environment.
2) The tool supports suppressions stored in .clawshield-suppressions.json but only honors entries with non-empty justifications. Review suppressions carefully before relying on them in CI.
3) There are no network calls or credentials requested by the tool itself, and it doesn't modify other skills or system settings. If you plan to automate this in CI, ensure SARIF/JSON outputs are consumed only by trusted systems and that you don't inadvertently expose scanned content publicly.
Tags: latest, openclaw, sarif, scanner, security, skill-safety
Runtime requirements
🛡️ Clawdis
Bins: node
