ClawHub

Neckr0ik Security Scanner

v1.0.0

Security audit tool for OpenClaw skills. Scans skill directories for common vulnerabilities including hardcoded secrets, unsafe shell commands, prompt inject...

0· 211·1 current·1 all-time
by@neckr0ik
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (security audit) align with the included audit.py and documentation. One minor inconsistency: claw.json lists the internal name "skillguard" while the registry lists "neckr0ik-security-scanner" — likely a naming/packaging mismatch but not by itself a security concern.
Instruction Scope
SKILL.md instructs the agent/user to run the included audit tool against a skill folder or the installed-skills directory (~/.openclaw/skills/). Reading installed skill files is exactly what a scanner must do. The docs explicitly note self-scan will flag example patterns. The scanner skips .md files and some example/doc heuristics (which could miss secrets in docs), but that is an implementation detail rather than malicious scope creep.
Install Mechanism
No install spec; this is essentially an instruction + bundled script (python). That is low risk—no external installers, downloads, or archive extraction are declared.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The audit script inspects files on disk (the expected behavior) but does not declare or require secrets. There is no evidence it needs unrelated credentials.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent presence or claim to modify other skills. disable-model-invocation is default (agent may invoke autonomously), which is normal — combine with the fact it performs local file reads, not network exfiltration.
Assessment
This skill appears to be a legitimate local security scanner. Before installing or running it: (1) Review the audit.py source yourself to confirm it does not perform network requests that would exfiltrate reports (the provided code appears to only scan files, but a final truncated section should be inspected); (2) note the claw.json name mismatch ("skillguard") — ask the author if that concerns you; (3) run the tool locally on a non-production copy of skill directories to see its output and ensure reports are stored locally (or explicitly review where --format outputs are written) before using it in CI; (4) if you will let an agent invoke it autonomously, be comfortable with the agent reading installed-skill files (it will scan potentially sensitive repos and configuration files). If you want extra assurance, run it in an isolated environment (container/VM) and grep the code for any network calls or subprocess invocations that could contact external domains.

Like a lobster shell, security has layers — review code before you run it.

latestvk9743drpme1sm24dszf3sws1bn82c6tz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments