Skill Security Scanner
v1.1.1
Audits any SKILL.md for the three most common risk patterns — permission overreach, prompt injection, and scope mismatch. Free taster. Full 7-category audit...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
Name/description match the requested tools: 'read' and 'web_fetch' are exactly what a SKILL.md auditor needs to load local files or remote URLs. No unrelated env vars, binaries, or install steps are requested.
Instruction Scope
SKILL.md instructs the agent to fetch/read a target SKILL.md and run three checks (permission overreach, prompt injection, scope mismatch). That stays within the declared purpose. One operational caveat: the skill fetches arbitrary remote SKILL.md content; the agent must treat fetched content as data to analyze rather than as instructions to execute—otherwise the agent itself could be influenced by malicious instructions embedded in the scanned file. The SKILL.md does not provide explicit sandboxing guidance.
Install Mechanism
No install spec and no code files — instruction-only — so nothing is written to disk and there is no package download risk.
Credentials
No environment variables, credentials, or config paths are requested. The declared requirements are minimal and proportionate to an auditor whose only task is reading or fetching SKILL.md content.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent system-wide privileges or modify other skills. Autonomous invocation (model invocation enabled) is the platform default and not a problem here.
Assessment
This skill appears coherent and low-risk: it only needs to read SKILL.md content locally or from a URL and returns a short audit. Before installing, consider: (1) the free audit is limited to 3 categories — do not rely solely on it for a full security guarantee; (2) when scanning remote URLs, the agent must treat fetched SKILL.md as untrusted data (otherwise prompt-injection content could influence the agent); prefer pasting files or fetching from canonical sources you control, or ensure the agent processes the file as plain text; (3) the author links to a paid "Security Pack" — that's a monetization detail, not a security red flag, but be aware of feature limits; (4) always follow up automated reports with a manual review for high-risk skills. Overall, the skill is consistent with its stated purpose.
Like a lobster shell, security has layers — review code before you run it.
