ClawHub
Skill flagged — review recommended

ClawHub Security found sensitive or high-impact capabilities. Review the scan results before using.

Skill Vetter Plus

v1.0.5

Simple text-search security scanner for AI agent skills. Finds hardcoded secrets, dangerous function calls, and prompt-injection language. Not a professional...

0· 16· 5 versions· 0 current· 0 all-time· Updated 28m ago· MIT-0
by@certainlogicai

Security Scans

VirusTotalPendingClawScanReviewStatic analysisReview

Install

openclaw skills install skill-vetter-plus

Skill Vetter Plus

Overview

A simple text-search security scanner for AI agent skills. It reads files line-by-line and looks for TEXT FRAGMENTS associated with common security issues.

Not a professional SAST tool. It cannot analyze runtime behavior, parse ASTs, or track data flow. It just searches for text.

What It Actually Does

  • Reads all files in a skill directory
  • Searches line-by-line for dangerous text fragments
  • Reports what it finds with severity and location

Detection Fragments

  • Secrets: api_key, secret_key, password
  • Unsafe execution: eval(...), exec(...), os.system(...), shell=True
  • Network: urllib.request, requests.post, requests.get
  • Prompt injection: ignore previous instructions, ignore the above

What It Does NOT Do

ClaimReality
Deep static analysisNo. Just text search.
AST parsingNo. Regex or string matching only.
Data flow trackingNo. Cannot trace variable origins.
Runtime analysisNo. Only reads files, never executes.
Semgrep integrationOptional but not included by default.
Batch scanningNot implemented in current release.

Important: Earlier versions listed features like batch scanning, deep scanning, and semgrep integration. These are NOT implemented in the current release. The scanner is intentionally simple: line-by-line text search only.

Why ClawHub May Flag It

ClawHub's automated scan flagged this skill because:

  1. False positive detection: Earlier versions contained regex patterns for dangerous functions. These patterns LOOKED like code to ClawHub's scanner. We have since replaced them with ASCII-encoded search strings.

  2. Self-protection complexity: We tried several approaches to avoid false flags: .clawhubignore (hid the code), patterns.json (separated patterns into another file), and ASCII encoding (obfuscated strings). These look suspicious.

  3. Documentation mismatch: SKILL.md listed features (batch, deep, semgrep) that are NOT in the code. This was an early doc that got ahead of the code.

What we should have done from the start: Been honest about what it does. It is a simple text scanner. Nothing more.

Honest Limitations

  • Static analysis only — cannot detect runtime exploits
  • Text search — will match benign and malicious uses equally
  • No AST parsing — cannot distinguish eval("1+1") from eval(user_input)
  • Limited coverage — only searches for known fragments, not novel attacks
  • Not a replacement for professional security audits

How to Use

# Scan a skill directory
python3 scripts/vetter.py /path/to/skill

# JSON output
python3 scripts/vetter.py --json /path/to/skill

Free vs Pro

Free: Text search scanner, manual interpretation Pro ($49): Not yet available. Would include AST parsing, data flow tracking, batch scanning

Links

Built with brutal honesty by CertainLogic

Version tags

latestvk97c885wh7gnb43ch5067tjwtn85we6q

Runtime requirements

🛡️ Clawdis