Install
openclaw skills install skill-security-scanner-cleanskill-security-scanner-clean
Security scanner for OpenClaw skills. Use when installing, updating, or auditing skills to detect malicious backdoors, suspicious code patterns, data exfiltration risks, and security vulnerabilities. Automatically analyzes Python/JavaScript/Shell code for dangerous functions (eval, exec, system calls), network requests, file operations, environment variable access, obfuscation patterns, and known attack signatures. Provides security score and installation recommendations.
Audits
PassSkill Security Scanner
Protect your OpenClaw installation from malicious skills. This scanner performs static analysis on skill code to detect:
- Code Execution Threats:
eval,exec,os.system,subprocesscalls - Data Exfiltration: Hidden network requests, suspicious URLs, IP connections
- System Compromise: File deletion, permission changes, privilege escalation
- Credential Theft: Environment variable access, secret harvesting
- Cryptojacking: Mining malware, suspicious compute patterns
- Obfuscation: Hidden code, base64 encoding, minification
- Spyware: Keyloggers, screen capture, surveillance features
Quick Start
# Basic scan
python scripts/security_scanner.py /path/to/skill
# Strict mode (catches more suspicious patterns)
python scripts/security_scanner.py /path/to/skill --strict
# Save JSON report
python scripts/security_scanner.py /path/to/skill --format json -o report.json
# Generate markdown report
python scripts/security_scanner.py /path/to/skill --format markdown -o report.md
Understanding Results
Verdict Levels
| Verdict | Emoji | Meaning | Action |
|---|---|---|---|
| PASS | 🟢 | No critical issues found | Safe to install |
| REVIEW | 🟡 | Some concerns, review recommended | Check findings before installing |
| WARNING | 🟠 | High-risk patterns detected | Strongly reconsider installation |
| REJECT | 🔴 | Critical threats identified | DO NOT INSTALL |
Security Score
- 90-100: Excellent - minimal risk
- 70-89: Good - minor issues
- 50-69: Fair - requires review
- 0-49: Poor - significant risks
Detection Rules
Critical (🔴)
| Rule | Description | Example |
|---|---|---|
| EXEC001 | Code execution functions | eval(), exec(), compile() |
| SUSPICIOUS001 | Keylogger functionality | pynput, keyboard modules |
| SUSPICIOUS003 | Cryptocurrency mining | mining, bitcoin, stratum+tcp |
High (🟠)
| Rule | Description | Example |
|---|---|---|
| EXEC002 | System command execution | os.system(), subprocess.call() |
| NET002 | Raw socket connections | socket.connect() |
| ENV001 | Sensitive credential access | os.environ['PASSWORD'] |
| OBF001 | Code obfuscation | Base64, hex-encoded code |
| SUSPICIOUS002 | Screen capture | pyautogui.screenshot() |
| NET004 | Short URL usage | bit.ly, tinyurl links |
Medium (🟡)
| Rule | Description | Example |
|---|---|---|
| NET001 | HTTP network requests | requests.get(), fetch() |
| ENV002 | Environment enumeration | os.environ.items() |
| FILE001 | File deletion | os.remove(), shutil.rmtree() |
| DATA001 | Unsafe deserialization | pickle.loads(), yaml.load() |
| NET003 | Hardcoded IP addresses | Direct IP in URLs |
| OBF002 | Base64 encoded blocks | Large base64 strings |
Low/Info (🔵/⚪)
| Rule | Description |
|---|---|
| FILE002 | File write operations |
| CRYPTO001 | Cryptographic operations |
| DOC001 | Insufficient documentation |
| DOC002 | Missing security statements |
Workflow
Before Installing a New Skill
-
Download the skill to a temporary directory
-
Run the security scanner
-
Review the verdict:
- 🟢 PASS: Proceed with installation
- 🟡 REVIEW: Examine findings, verify legitimate use
- 🟠 WARNING: Only install from trusted sources
- 🔴 REJECT: Do not install
-
For 🟡/🟠 findings, manually review the flagged code
-
Confirm the skill's behavior matches its documentation
Before Updating an Existing Skill
- Run scanner on the new version
- Compare results with previous version's scan
- Check for new critical/high findings
- Review any new network/file operations
Automated Integration
Add to your skill installation workflow:
import subprocess
import sys
def safe_install_skill(skill_path):
# Run security scan
result = subprocess.run(
['python', 'scripts/security_scanner.py', skill_path, '--format', 'json'],
capture_output=True,
text=True
)
import json
report = json.loads(result.stdout)
if report['summary']['verdict'] == 'REJECT':
print("❌ Installation blocked: Critical security issues found")
return False
if report['summary']['verdict'] == 'WARNING':
response = input("⚠️ High-risk patterns detected. Install anyway? (y/N): ")
if response.lower() != 'y':
return False
# Proceed with installation
return True
Handling False Positives
Some legitimate skills may trigger warnings:
- Network requests: Skills that fetch data from APIs
- File operations: Skills that modify documents
- Encryption: Skills handling sensitive data
When you trust the source and understand the functionality, you can:
- Review the specific code flagged
- Verify it matches the documented purpose
- Manually approve if confident
Reporting Issues
If you find a skill with confirmed malicious intent:
- Do not install or run it
- Report to the skill repository/hosting platform
- Notify OpenClaw community channels
- Share scan report (without executing the skill)
Best Practices
- Only install skills from trusted sources
- Always scan before installing - even from trusted sources
- Review findings carefully - understand what the skill does
- Keep scanner updated - new detection rules added regularly
- Use strict mode for untrusted sources - catches more suspicious patterns
- Check skill updates - re-scan when updating existing skills
Exit Codes
The scanner returns specific exit codes:
| Code | Meaning |
|---|---|
| 0 | PASS or REVIEW - installation may proceed |
| 1 | WARNING - high-risk patterns found |
| 2 | REJECT - critical threats detected |
Use in scripts:
python scripts/security_scanner.py ./skill || {
echo "Security check failed"
exit 1
}