ClawHub

AI Skill Scanner

Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
3 · 2.5k · 15 current installs · 16 all-time installs
by@HugoSbl
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the shipped assets: scripts/scan.py and scripts/advanced_checks.py implement static rules, entropy checks, payload decoding, dependency checks, and scanning of package.json/requirements — all reasonable for a skill scanner. No unrelated env vars, binaries, or install hooks are requested.
Instruction Scope
SKILL.md instructs the agent/user to run the supplied Python scanner against a local skill folder (python3 scripts/scan.py <skill-path>). That instruction is within scope, but it means the agent/operator will execute code included with the skill (the scanner itself). The scanner will read many files inside the target skill (package.json, requirements, source files) and perform decoding and AST/static checks — expected, but requires executing the scanner code on your environment.
Install Mechanism
No install spec provided (instruction-only meta plus Python scripts). No external downloads or install actions are declared. This minimizes supply-chain install risk, but executing the included Python files still runs third-party code.
Credentials
The skill requests no environment variables or credentials (proportionate). However, the scanner's rules explicitly look for credential access patterns in target code (e.g., os.environ, process.env) — which is appropriate for a scanner. Important: the scanner will be executed locally, so it will have whatever filesystem and runtime privileges the executor provides; no additional credentials are required by the skill itself.
Persistence & Privilege
Flags show always:false and user-invocable:true; the skill does not request persistent/automatic inclusion or system-wide config changes. There are no install scripts or persistent agents declared.
What to consider before installing
This package appears to be a legitimate static scanner, but you must treat the scanner code as untrusted third‑party code because running it will execute Python on your system. Before running it: (1) review scripts/advanced_checks.py and scripts/scan.py for use of exec/eval, subprocess calls, or network-sending code; (2) run the scanner only in an isolated environment (docker container, VM) with no network access and limited filesystem permissions; (3) search the files for dynamic execution patterns (eval/exec, subprocess/os.system), long encoded strings, or hardcoded endpoints; (4) note the many '# noscan' markers used in the code — these can hide lines from other scanners and merit a manual review of the surrounding code; (5) prefer scanner copies from a known/trusted source (official homepage or repo) rather than an unknown origin; and (6) if you only need static scanning, consider running a minimal, well-audited scanner instead of executing unfamiliar full-featured scripts. If you want, I can highlight specific lines to inspect or extract suspicious patterns from the source files for a focused review.

Like a lobster shell, security has layers — review code before you run it.

Current versionv2.1.0
Download zip
latestvk9772g21qdnjfag7yhzfv22bes80dsjf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Skill Security Scanner

Scan skills for malicious patterns before installation. Detects credential exfiltration, suspicious network calls, obfuscated code, prompt injection, and other red flags.

Quick Start

# Scan a local skill folder
python3 scripts/scan.py /path/to/skill

# Verbose output (show matched lines)
python3 scripts/scan.py /path/to/skill --verbose

# JSON output (for automation)
python3 scripts/scan.py /path/to/skill --json

Workflow: Scan Before Install

  1. Download or locate the skill folder
  2. Run python3 scripts/scan.py <skill-path> --verbose
  3. Review findings by severity (CRITICAL/HIGH = do not install)
  4. Report results to user with recommendation

Score Interpretation

ScoreMeaningRecommendation
CLEANNo issues foundSafe to install
INFOMinor notes onlySafe to install
REVIEWMedium-severity findingsReview manually before installing
SUSPICIOUSHigh-severity findingsDo NOT install without thorough manual review
DANGEROUSCritical findings detectedDo NOT install — likely malicious

Exit Codes

  • 0 = CLEAN/INFO
  • 1 = REVIEW
  • 2 = SUSPICIOUS
  • 3 = DANGEROUS

Rules Reference

See references/rules.md for full list of detection rules, severity levels, and whitelisted domains.

Limitations

  • Pattern-based detection — cannot catch all obfuscation techniques
  • No runtime analysis — only static scanning
  • False positives possible for legitimate tools that access network/files
  • Always combine with manual review for HIGH/MEDIUM findings

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…