Skillvet

The OpenClaw AgentSkills skill bundle "skillvet" is a security scanner designed to detect malicious patterns, credential theft, exfiltration, and prompt injection in other OpenClaw skills. The analysis of all files reveals the following: 1. **SKILL.md**: Clearly describes the skill's purpose as a security scanner. It lists numerous critical and warning checks, which are patterns `skillvet` looks for in *other* skills. It explicitly states that the scanner will flag itself due to containing these patterns and provides an `--exclude-self` option. The instructions within SKILL.md are for the user to operate the scanner, not for prompt-injection against an AI agent. 2. **scripts/skill-audit.sh**: This is the core scanning logic. It uses `grep` and `perl` (for advanced regex) to search for predefined malicious patterns (e.g., reverse shells, exfiltration endpoints, obfuscation, prompt injection phrases) within the target skill's files. The patterns themselves are loaded from `patterns.b64` (base64-encoded regex strings), a technique explained as "AV-safe" to prevent the scanner from being flagged as malware by other antivirus tools. The script performs static analysis and outputs findings in various formats (text, JSON, SARIF). 3. **scripts/safe-install.sh**: This script orchestrates a secure installation workflow. It uses the `clawdhub install` command to download a skill, then immediately runs `skill-audit.sh` on it. If critical issues are found, it automatically removes the newly installed skill (`rm -rf "$SKILL_DIR"`), acting as a protective measure. 4. **scripts/scan-remote.sh**: This script downloads a skill into a temporary directory using `clawdhub install` and then scans it with `skill-audit.sh` without permanently installing it, ensuring no malicious code is executed or persists. 5. **scripts/diff-scan.sh**: This script identifies changes between two versions of a skill and then runs `skill-audit.sh` only on the changed files, optimizing the scan process. 6. **tests/run-tests.sh**: This script is a test runner for `skillvet`. It decodes test fixtures (which contain examples of malicious patterns) from `fixtures.b64` and runs `skill-audit.sh` against them to verify detection capabilities. **Conclusion**: The "skillvet" skill is a legitimate security tool. Its code and documentation are entirely consistent with its stated purpose of detecting malware and vulnerabilities in other skills. The presence of malicious patterns (e.g., C2 IPs, reverse shell commands) within its files is solely for detection purposes (as regex patterns or test fixtures) and not for execution by `skillvet` itself. The scripts utilize standard system commands (`grep`, `find`, `rm`, `clawdhub`) in a manner that supports its security function, including protective measures like auto-removal of flagged skills. There is no evidence of intentional harmful behavior, data exfiltration, persistence, or prompt injection against the agent running `skillvet`. **Classification**: benign **Summary**: The skill "skillvet" is a security scanner designed to detect malware, credential theft, and prompt injection in other OpenClaw skills. All analyzed files (SKILL.md, skill-audit.sh, safe-install.sh, scan-remote.sh, diff-scan.sh, run-tests.sh) consistently demonstrate this purpose. The core scanner (`skill-audit.sh`) uses `grep` to match known malicious patterns (stored as base64-encoded regex in `patterns.b64`) against target skill files. The `safe-install.sh` script even includes logic to automatically remove skills found to have critical security issues, acting as a protective measure. There is no evidence of malicious intent or self-exploitation; the tool's "risky" content is purely for detection and testing.