SkillGuard Scanner
Pass
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a coherent, user-directed skill security scanner, with cautions around local command use, saved scan snippets, and not treating its results as a guarantee.
This skill looks purpose-aligned for auditing OpenClaw skills. Run it deliberately, keep local scan reports private if they contain snippets, and do not treat a clean result as a complete guarantee that another skill is safe.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The scanner may execute local commands or a local CLI when you ask it to scan or fetch a skill.
The skill may run a local Python scanner and optionally use the ClawHub CLI to fetch a skill for scanning. This is disclosed and user-directed, but it is still local tool execution.
Run `python3 {scripts}/scanner.py --fetch-clawhub <skill-name>` (requires `clawhub` CLI)
Run it intentionally, review the exact skill name being fetched, and avoid granting extra privileges unless you understand why they are needed.
A local scan report could preserve snippets that include secrets if a scanned skill directory contains real credentials or .env files.
The scanner intentionally looks for credential-related patterns in scanned files. Findings include snippets, and the SKILL.md says JSON reports are saved locally, so reports could contain sensitive-looking lines from scanned skill files.
CREDENTIAL_ACCESS = re.compile(... r'(\.env\b|\.openclaw/|credentials|api[_-]?key|secret[_-]?key|password|token|...|\.ssh/|id_rsa)' ...)
Do not share scan reports publicly without reviewing/redacting them, and avoid placing real secrets inside skill directories.
Users could over-rely on a clean or low-risk result and skip manual review of a harmful skill that the scanner does not detect.
This wording may overstate what a static pattern-based scanner can guarantee. A clean result means no listed patterns were detected, not that a skill is definitely safe.
If CLEAN or LOW only → safe to install
Treat results as one input to a security decision, and still review source, permissions, provenance, and high-impact behavior before installing a skill.
